Operation on a Resource after Expiration or Release
CVE-2022-22755
Summary
By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed. This vulnerability affects Firefox < 97.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- REQUIRED
- NONE
- HIGH
- HIGH
CWE-672 - Operation on a Resource after Expiration or Release
The software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.
References
Advisory Timeline
- Published