Multiple vulnerabilities in Pale Moon
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2022-22736 CVE-2022-22741 CVE-2021-4140 CVE-2022-22746 CVE-2022-22744 CVE-2022-22747 |
| CWE-ID | CWE-428 CWE-1021 CWE-254 CWE-78 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Pale Moon Client/Desktop applications / Web browsers |
| Vendor | Pale Moon |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Unquoted Search Path or Element
EUVDB-ID: #VU59380
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-22736
CWE-ID:
CWE-428 - Unquoted Search Path or Element
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to unquoted search path in Firefox installer. A local user with ability to write files into the Firefox installation folder can place a specially crafted library and execute arbitrary code on the system.
The vulnerability affects Firefox for Windows in a non-default installation.
Install update from vendor's website.
Vulnerable software versionsPale Moon: 20.0 - 29.4.3
CPE2.3- cpe:2.3:a:pale_moon:pale_moon:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:pale_moon:pale_moon:20.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:pale_moon:pale_moon:20.1:*:*:*:*:*:*:*
https://www.palemoon.org/releasenotes.shtml
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Restriction of Rendered UI Layers or Frames
EUVDB-ID: #VU59369
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-22741
CWE-ID:
CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error resizing a popup while requesting fullscreen access. A remote attacker can
trick the victim to open a specially crafted web page, and make the
browser unable to leave fullscreen mode.
Install update from vendor's website.
Vulnerable software versionsPale Moon: 20.0 - 29.4.3
CPE2.3- cpe:2.3:a:pale_moon:pale_moon:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:pale_moon:pale_moon:20.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:pale_moon:pale_moon:20.1:*:*:*:*:*:*:*
https://www.palemoon.org/releasenotes.shtml
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Security features bypass
EUVDB-ID: #VU59373
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-4140
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error in iframe sandbox implementation when processing XSLT markup. A remote attacker can bypass iframe sandbox and execute arbitrary JavaScript code in context of arbitrary window.
Install update from vendor's website.
Vulnerable software versionsPale Moon: 20.0 - 29.4.3
CPE2.3- cpe:2.3:a:pale_moon:pale_moon:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:pale_moon:pale_moon:20.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:pale_moon:pale_moon:20.1:*:*:*:*:*:*:*
https://www.palemoon.org/releasenotes.shtml
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper Restriction of Rendered UI Layers or Frames
EUVDB-ID: #VU59366
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-22746
CWE-ID:
CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to a race condition when calling reportValidity. A remote attacker can trick the victim to open a specially crafted web page and bypass the fullscreen notification, which can lead to spoofing attack.
Install update from vendor's website.
Vulnerable software versionsPale Moon: 20.0 - 29.4.3
CPE2.3- cpe:2.3:a:pale_moon:pale_moon:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:pale_moon:pale_moon:20.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:pale_moon:pale_moon:20.1:*:*:*:*:*:*:*
https://www.palemoon.org/releasenotes.shtml
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) OS Command Injection
EUVDB-ID: #VU59378
Risk: Low
CVSSv4.0: 4.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-22744
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the "Copy as curl" feature in DevTools. A remote attacker can trick the victim to cope a specially crafted link and execute arbitrary commands on the system, if copied data is pasted into a Powershell prompt.
MitigationInstall update from vendor's website.
Vulnerable software versionsPale Moon: 20.0 - 29.4.3
CPE2.3- cpe:2.3:a:pale_moon:pale_moon:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:pale_moon:pale_moon:20.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:pale_moon:pale_moon:20.1:*:*:*:*:*:*:*
https://www.palemoon.org/releasenotes.shtml
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU59379
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-22747
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of empty pkcs7 sequence, passed as part of the certificate data. A remote attacker can pass specially crafted certificate to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPale Moon: 20.0 - 29.4.3
CPE2.3- cpe:2.3:a:pale_moon:pale_moon:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:pale_moon:pale_moon:20.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:pale_moon:pale_moon:20.1:*:*:*:*:*:*:*
https://www.palemoon.org/releasenotes.shtml
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
