Unrated severityNVD Advisory· Published Dec 22, 2022· Updated Apr 15, 2025
CVE-2022-46873
CVE-2022-46873
Description
Because Firefox did not implement the unsafe-hashes CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. This would be severely constrained by the specified Content Security Policy of the document. This vulnerability affects Firefox < 108.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4<108+ 1 more
- (no CPE)range: <108
- (no CPE)range: unspecified
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 108.0.1-1.1
Patches
Vulnerability mechanics
References
3- security.gentoo.org/glsa/202305-06mitrevendor-advisory
- bugzilla.mozilla.org/show_bug.cgimitre
- www.mozilla.org/security/advisories/mfsa2022-51/mitre
News mentions
0No linked articles in our index yet.