Thursday, April 7, 2022

MFSA2022-13 Firefox: Security Vulnerabilities fixed in Firefox 99 (CVE-2022-28284)

rapid7 vulnerabilities In: , 
Description
SVG's <use> element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with theirs.
Solution(s)
  • mozilla-firefox-upgrade-99_0


    • References
  • https://attackerkb.com/topics/cve-2022-28284
  • CVE - 2022-28284
  • http://www.mozilla.org/security/announce/2022/mfsa2022-13.html




    •  

    Copyright © 2021 Vulnerability Database | Cyber Details™

    thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore