GSD-2022-26485 — Vulnetix

GSD-2022-26485 PUBLISHED CVSS 8.800000190734863 HIGH

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Mozilla	Firefox ESR	unspecified
Mozilla	Focus	unspecified
Mozilla	Thunderbird	unspecified
Mozilla	Firefox	unspecified
Mozilla	Firefox for Android	unspecified

Timeline

Mar 5, 2022 CVE Published
Mar 7, 2022 PoC Published
Jun 14, 2023 PoC Published
Dec 24, 2024 PoC Published
Feb 23, 2025 PoC Published
Feb 2, 2026 PoC Published

References

https://www.mozilla.org/security/advisories/mfsa2022-09/ url
https://bugzilla.mozilla.org/show_bug.cgi?id=1758062 url
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26485 url

Open in Interactive Console →