CVE-2022-45417

MEDIUM

Firefox < 107 - Info Disclosure

Title source: llm

Description

Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107.

References (2)

[Issue Tracking, Permissions Required, Vendor Advisory] https://bugzilla.mozilla.org/show_bug.cgi?id=1794508

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2022-47/

Scores

CVSS v3 4.3

EPSS 0.0018

EPSS Percentile 38.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-1021

Status published

Products (1)

mozilla/firefox < 107.0

Published Dec 22, 2022

Tracked Since Feb 18, 2026