What is CVE-2022-45411?

CVE-2022-45411 is a vulnerability that allows for Cross-Site Tracing, enabling an XSS attack to access authorization headers and cookies that are not accessible to JavaScript.

How severe is CVE-2022-45411?

CVE-2022-45411 has a severity score of 6.1, which is classified as medium.

What software is affected by CVE-2022-45411?

Mozilla Thunderbird versions up to and excluding 102.5, Mozilla Firefox versions up to and excluding 107, and Mozilla Firefox ESR versions up to and excluding 102.5 are affected by CVE-2022-45411.

How can I mitigate the CVE-2022-45411 vulnerability?

To mitigate the CVE-2022-45411 vulnerability, update Mozilla Thunderbird to version 102.5, update Mozilla Firefox to version 107, or update Mozilla Firefox ESR to version 102.5.

Where can I find more information about CVE-2022-45411?

You can find more information about CVE-2022-45411 on the Mozilla Bugzilla website and the Mozilla security advisories.

Vulnerability/
CVE-2022-45411

medium

6.1

CWE

15/11/2022

22/12/2022

3/8/2024

CVE-2022-45411: XSS

First published: Tue Nov 15 2022(Updated: )

Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on fetch() and XMLHttpRequest; however some webservers have implemented non-standard headers such as X-Http-Method-Override that override the HTTP method, and made this attack possible again. Firefox has applied the same mitigations to the use of this and similar headers.

Credit: security@mozilla.org

Affected Software	Affected Version	How to fix
Mozilla Thunderbird	<102.5	102.5
	<107	107
	<102.5	102.5
	<102.5	102.5
Mozilla Firefox	<107.0
Mozilla Firefox ESR	<102.5
Mozilla Thunderbird	<102.5

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2022-45411?
CVE-2022-45411 is a vulnerability that allows for Cross-Site Tracing, enabling an XSS attack to access authorization headers and cookies that are not accessible to JavaScript.
How severe is CVE-2022-45411?
CVE-2022-45411 has a severity score of 6.1, which is classified as medium.
What software is affected by CVE-2022-45411?
Mozilla Thunderbird versions up to and excluding 102.5, Mozilla Firefox versions up to and excluding 107, and Mozilla Firefox ESR versions up to and excluding 102.5 are affected by CVE-2022-45411.
How can I mitigate the CVE-2022-45411 vulnerability?
To mitigate the CVE-2022-45411 vulnerability, update Mozilla Thunderbird to version 102.5, update Mozilla Firefox to version 107, or update Mozilla Firefox ESR to version 102.5.
Where can I find more information about CVE-2022-45411?
You can find more information about CVE-2022-45411 on the Mozilla Bugzilla website and the Mozilla security advisories.

collector/mozilla-advisory
agent/type
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
agent/severity
agent/references
agent/author
source/Mozilla
agent/software-canonical-lookup
agent/event
agent/description
agent/weakness
agent/software-canonical-lookup-request
agent/tags
collector/nvd-index
collector/mitre-cve
source/MITRE
vendor/mozilla
canonical/mozilla thunderbird
canonical/mozilla firefox esr
canonical/mozilla firefox