CVE-2022-34476
CRITICAL WAF: Medium
CVSS 9.8
Published: 2022-12-22
CWE-20
ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox < 102.
WAF Coverage Analysis
Improper Input Validation
Medium WAF Coverage
OWASP: A03:2021 Injection
920xxx - Protocol Enforcement 941xxx - XSS / XXE 942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | up to 102.0 |
References
- bugzilla.mozilla.org (Issue Tracking, Permissions Required, Vendor Advisory)
- www.mozilla.org (Vendor Advisory)