Origin Validation Error

CVE-2022-34477

High

7.5/10

Summary

The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox prior to 102.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-346 - Origin Validation Error

The software does not properly verify that the source of data or communication is valid.

References

Advisory
Issue
Advisory

Advisory Timeline

Published Dec 22, 2022

Origin Validation Error

CVE-2022-34477

Summary

CWE-346 - Origin Validation Error

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS