{"id":"USN-5782-1","summary":"firefox vulnerabilities","details":"It was discovered that Firefox was using an out-of-date libusrsctp library.\nAn attacker could possibly use this library to perform a reentrancy issue\non Firefox. (CVE-2022-46871)\n\nNika Layzell discovered that Firefox was not performing a check on paste\nreceived from cross-processes. An attacker could potentially exploit this\nto obtain sensitive information. (CVE-2022-46872)\n\nPete Freitag discovered that Firefox did not implement the unsafe-hashes\nCSP directive. An attacker who was able to inject markup into a page\notherwise protected by a Content Security Policy may have been able to\ninject an executable script. (CVE-2022-46873)\n\nMatthias Zoellner discovered that Firefox was not keeping the filename\nending intact when using the drag-and-drop event. An attacker could\npossibly use this issue to add a file with a malicious extension, leading\nto execute arbitrary code. (CVE-2022-46874)\n\nHafiizh discovered that Firefox was not handling fullscreen notifications\nwhen the browser window goes into fullscreen mode. An attacker could\npossibly use this issue to spoof the user and obtain sensitive information.\n(CVE-2022-46877)\n\nMultiple security issues were discovered in Firefox. If a user were\ntricked into opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service, obtain sensitive\ninformation across domains, or execute arbitrary code. (CVE-2022-46878, \nCVE-2022-46879) \n","modified":"2026-02-10T04:42:53Z","published":"2022-12-15T07:08:35Z","related":["UBUNTU-CVE-2022-46871","UBUNTU-CVE-2022-46872","UBUNTU-CVE-2022-46873","UBUNTU-CVE-2022-46874","UBUNTU-CVE-2022-46877","UBUNTU-CVE-2022-46878","UBUNTU-CVE-2022-46879"],"upstream":["CVE-2022-46871","CVE-2022-46872","CVE-2022-46873","CVE-2022-46874","CVE-2022-46877","CVE-2022-46878","CVE-2022-46879","UBUNTU-CVE-2022-46871","UBUNTU-CVE-2022-46872","UBUNTU-CVE-2022-46873","UBUNTU-CVE-2022-46874","UBUNTU-CVE-2022-46877","UBUNTU-CVE-2022-46878","UBUNTU-CVE-2022-46879"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5782-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-46871"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-46872"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-46873"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-46874"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-46877"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-46878"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-46879"}],"affected":[{"package":{"name":"firefox","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/firefox@108.0+build2-0ubuntu0.18.04.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"108.0+build2-0ubuntu0.18.04.1"}]}],"versions":["56.0+build6-0ubuntu1","57.0.1+build2-0ubuntu1","59.0.1+build1-0ubuntu1","59.0.2+build1-0ubuntu1","60.0+build2-0ubuntu1","60.0.1+build2-0ubuntu0.18.04.1","60.0.2+build1-0ubuntu0.18.04.1","61.0+build3-0ubuntu0.18.04.1","61.0.1+build1-0ubuntu0.18.04.1","62.0+build2-0ubuntu0.18.04.3","62.0+build2-0ubuntu0.18.04.4","62.0+build2-0ubuntu0.18.04.5","62.0.3+build1-0ubuntu0.18.04.1","63.0+build2-0ubuntu0.18.04.2","63.0.3+build1-0ubuntu0.18.04.1","64.0+build3-0ubuntu0.18.04.1","65.0+build2-0ubuntu0.18.04.1","65.0.1+build2-0ubuntu0.18.04.1","66.0+build3-0ubuntu0.18.04.1","66.0.1+build1-0ubuntu0.18.04.1","66.0.2+build1-0ubuntu0.18.04.1","66.0.3+build1-0ubuntu0.18.04.1","66.0.4+build3-0ubuntu0.18.04.1","66.0.5+build1-0ubuntu0.18.04.1","67.0+build2-0ubuntu0.18.04.1","67.0.1+build1-0ubuntu0.18.04.1","67.0.2+build2-0ubuntu0.18.04.1","67.0.3+build1-0ubuntu0.18.04.1","67.0.4+build1-0ubuntu0.18.04.1","68.0+build3-0ubuntu0.18.04.1","68.0.1+build1-0ubuntu0.18.04.1","68.0.2+build1-0ubuntu0.18.04.1","69.0+build2-0ubuntu0.18.04.1","69.0.1+build1-0ubuntu0.18.04.1","69.0.2+build1-0ubuntu0.18.04.1","70.0+build2-0ubuntu0.18.04.1","70.0.1+build1-0ubuntu0.18.04.1","71.0+build5-0ubuntu0.18.04.1","72.0.1+build1-0ubuntu0.18.04.1","72.0.2+build1-0ubuntu0.18.04.1","73.0+build3-0ubuntu0.18.04.1","73.0.1+build1-0ubuntu0.18.04.1","74.0+build3-0ubuntu0.18.04.1","74.0.1+build1-0ubuntu0.18.04.1","75.0+build3-0ubuntu0.18.04.1","76.0+build2-0ubuntu0.18.04.1","76.0.1+build1-0ubuntu0.18.04.1","77.0.1+build1-0ubuntu0.18.04.1","78.0.1+build1-0ubuntu0.18.04.1","78.0.2+build2-0ubuntu0.18.04.1","79.0+build1-0ubuntu0.18.04.1","80.0+build2-0ubuntu0.18.04.1","80.0.1+build1-0ubuntu0.18.04.1","81.0+build2-0ubuntu0.18.04.1","81.0.2+build1-0ubuntu0.18.04.1","82.0+build2-0ubuntu0.18.04.1","82.0.2+build1-0ubuntu0.18.04.1","82.0.3+build1-0ubuntu0.18.04.1","83.0+build2-0ubuntu0.18.04.2","84.0+build3-0ubuntu0.18.04.1","84.0.1+build1-0ubuntu0.18.04.1","84.0.2+build1-0ubuntu0.18.04.1","85.0+build1-0ubuntu0.18.04.1","85.0.1+build1-0ubuntu0.18.04.1","86.0+build3-0ubuntu0.18.04.1","86.0.1+build1-0ubuntu0.18.04.1","87.0+build3-0ubuntu0.18.04.2","88.0+build2-0ubuntu0.18.04.2","88.0.1+build1-0ubuntu0.18.04.2","89.0+build2-0ubuntu0.18.04.2","89.0.1+build1-0ubuntu0.18.04.1","89.0.2+build1-0ubuntu0.18.04.1","90.0+build1-0ubuntu0.18.04.1","90.0.2+build1-0ubuntu0.18.04.1","91.0+build2-0ubuntu0.18.04.1","91.0.1+build1-0ubuntu0.18.04.1","91.0.2+build1-0ubuntu0.18.04.1","92.0+build3-0ubuntu0.18.04.1","93.0+build1-0ubuntu0.18.04.1","94.0+build3-0ubuntu0.18.04.1","95.0+build1-0ubuntu0.18.04.1","95.0.1+build2-0ubuntu0.18.04.1","96.0+build2-0ubuntu0.18.04.1","97.0+build2-0ubuntu0.18.04.1","97.0.2+build1-0ubuntu0.18.04.1","98.0+build3-0ubuntu0.18.04.2","98.0.1+build2-0ubuntu0.18.04.1","98.0.2+build1-0ubuntu0.18.04.1","99.0+build2-0ubuntu0.18.04.2","100.0+build2-0ubuntu0.18.04.1","100.0.2+build1-0ubuntu0.18.04.1","101.0.1+build1-0ubuntu0.18.04.1","102.0+build2-0ubuntu0.18.04.1","103.0+build1-0ubuntu0.18.04.1","104.0+build3-0ubuntu0.18.04.1","105.0+build2-0ubuntu0.18.04.1","106.0.2+build1-0ubuntu0.18.04.1","106.0.5+build1-0ubuntu0.18.04.1","107.0+build2-0ubuntu0.18.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"firefox","binary_version":"108.0+build2-0ubuntu0.18.04.1"},{"binary_name":"firefox-dev","binary_version":"108.0+build2-0ubuntu0.18.04.1"},{"binary_name":"firefox-geckodriver","binary_version":"108.0+build2-0ubuntu0.18.04.1"},{"binary_name":"firefox-mozsymbols","binary_version":"108.0+build2-0ubuntu0.18.04.1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-46871"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-46872"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-46873"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-46874"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-46877"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-46878"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-46879"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5782-1.json"}},{"package":{"name":"firefox","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/firefox@108.0+build2-0ubuntu0.20.04.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"108.0+build2-0ubuntu0.20.04.1"}]}],"versions":["69.0.3+build1-0ubuntu1","70.0+build2-0ubuntu1","70.0+build2-0ubuntu2","70.0.1+build1-0ubuntu2","71.0+build2-0ubuntu2","71.0+build5-0ubuntu1","72.0.1+build1-0ubuntu1","72.0.2+build1-0ubuntu1","73.0+build1-0ubuntu1","73.0+build2-0ubuntu1","73.0+build3-0ubuntu1","73.0.1+build1-0ubuntu1","74.0+build1-0ubuntu1","74.0+build2-0ubuntu1","74.0+build2-0ubuntu2","74.0+build3-0ubuntu1","75.0+build3-0ubuntu1","76.0+build2-0ubuntu0.20.04.1","76.0.1+build1-0ubuntu0.20.04.1","77.0.1+build1-0ubuntu0.20.04.1","78.0.1+build1-0ubuntu0.20.04.1","78.0.2+build2-0ubuntu0.20.04.1","79.0+build1-0ubuntu0.20.04.1","80.0+build2-0ubuntu0.20.04.1","80.0.1+build1-0ubuntu0.20.04.1","81.0+build2-0ubuntu0.20.04.1","81.0.2+build1-0ubuntu0.20.04.1","82.0+build2-0ubuntu0.20.04.1","82.0.2+build1-0ubuntu0.20.04.1","82.0.3+build1-0ubuntu0.20.04.1","83.0+build2-0ubuntu0.20.04.1","84.0+build3-0ubuntu0.20.04.1","84.0.1+build1-0ubuntu0.20.04.1","84.0.2+build1-0ubuntu0.20.04.1","85.0+build1-0ubuntu0.20.04.1","85.0.1+build1-0ubuntu0.20.04.1","86.0+build3-0ubuntu0.20.04.1","86.0.1+build1-0ubuntu0.20.04.1","87.0+build3-0ubuntu0.20.04.2","88.0+build2-0ubuntu0.20.04.1","88.0.1+build1-0ubuntu0.20.04.2","89.0+build2-0ubuntu0.20.04.2","89.0.1+build1-0ubuntu0.20.04.1","89.0.2+build1-0ubuntu0.20.04.1","90.0+build1-0ubuntu0.20.04.1","90.0.2+build1-0ubuntu0.20.04.1","91.0+build2-0ubuntu0.20.04.1","91.0.1+build1-0ubuntu0.20.04.1","91.0.2+build1-0ubuntu0.20.04.1","92.0+build3-0ubuntu0.20.04.1","93.0+build1-0ubuntu0.20.04.1","94.0+build3-0ubuntu0.20.04.1","95.0+build1-0ubuntu0.20.04.1","95.0.1+build2-0ubuntu0.20.04.1","96.0+build2-0ubuntu0.20.04.1","97.0+build2-0ubuntu0.20.04.1","97.0.2+build1-0ubuntu0.20.04.1","98.0+build3-0ubuntu0.20.04.2","98.0.1+build2-0ubuntu0.20.04.1","98.0.2+build1-0ubuntu0.20.04.1","99.0+build2-0ubuntu0.20.04.2","100.0+build2-0ubuntu0.20.04.1","100.0.2+build1-0ubuntu0.20.04.1","101.0.1+build1-0ubuntu0.20.04.1","102.0+build2-0ubuntu0.20.04.1","103.0+build1-0ubuntu0.20.04.1","104.0+build3-0ubuntu0.20.04.1","105.0+build2-0ubuntu0.20.04.1","106.0.2+build1-0ubuntu0.20.04.1","106.0.5+build1-0ubuntu0.20.04.1","107.0+build2-0ubuntu0.20.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"firefox","binary_version":"108.0+build2-0ubuntu0.20.04.1"},{"binary_name":"firefox-dev","binary_version":"108.0+build2-0ubuntu0.20.04.1"},{"binary_name":"firefox-geckodriver","binary_version":"108.0+build2-0ubuntu0.20.04.1"},{"binary_name":"firefox-mozsymbols","binary_version":"108.0+build2-0ubuntu0.20.04.1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-46871"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-46872"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-46873"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-46874"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-46877"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-46878"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-46879"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5782-1.json"}}],"schema_version":"1.7.3"}