High severity8.8NVD Advisory· Published Dec 22, 2022· Updated Jun 17, 2026
CVE-2022-22755
CVE-2022-22755
Description
By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed. This vulnerability affects Firefox < 97.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4<97+ 1 more
- (no CPE)range: <97
- (no CPE)range: unspecified
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 97.0-1.1
Patches
Vulnerability mechanics
References
2- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingVendor Advisory
- www.mozilla.org/security/advisories/mfsa2022-04/nvdVendor Advisory
News mentions
0No linked articles in our index yet.