CVE-2022-31744: XSS

Reference Links

• https://bugzilla.mozilla.org/show_bug.cgi?id=1757604
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/
• https://www.mozilla.org/security/advisories/mfsa2022-20/
• https://www.mozilla.org/security/advisories/mfsa2022-25/
• https://www.mozilla.org/security/advisories/mfsa2022-26/

Parent vulnerabilities

(Appears in the following advisories)

• MFSA2022-25
• MFSA2022-26
• MFSA2022-20

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2022-34479
• CVE-2022-34470
• CVE-2022-34468
• CVE-2022-34481
• CVE-2022-31744
• CVE-2022-34472
• CVE-2022-34478
• CVE-2022-2200
• CVE-2022-34484
• CVE-2022-2226
• CVE-2022-31736
• CVE-2022-31737
• CVE-2022-31738
• CVE-2022-31739
• CVE-2022-31740
• CVE-2022-31741
• CVE-2022-31742
• CVE-2022-31743
• CVE-2022-31745
• CVE-2022-1919
• CVE-2022-31747
• CVE-2022-31748

Frequently Asked Questions

• What is the vulnerability ID?

  The vulnerability ID is CVE-2022-31744.

• What is the title of the vulnerability?

  The title of the vulnerability is 'An attacker could have injected CSS into stylesheets accessible via internal URIs such as resource:'.

• How can an attacker exploit this vulnerability?

  An attacker can exploit this vulnerability by injecting CSS into stylesheets accessible via internal URIs, such as resource:.

• Which software is affected by this vulnerability?

  The software affected by this vulnerability includes Mozilla Firefox versions up to and excluding 101, Mozilla Thunderbird versions up to and excluding 102, Mozilla Thunderbird version 91.11, and Mozilla Firefox ESR version 91.11.

• What is the severity of CVE-2022-31744?

  The severity of CVE-2022-31744 is medium with a CVSS score of 4.

• How can I fix this vulnerability?

  To fix this vulnerability, update your Mozilla Firefox or Mozilla Thunderbird software to the specified versions or higher.