Exposure of Resource to Wrong Sphere

CVE-2022-38474

Medium

4.3/10

Summary

A website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not allow the attacker to bypass the permission prompt - it only affects the notification shown once permission has been granted.<br />*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 104.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References

Advisory Timeline

Published Dec 22, 2022

Exposure of Resource to Wrong Sphere

CVE-2022-38474

Summary

CWE-668 - Exposure of Resource to Wrong Sphere

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS