vulnerability

MFSA2022-13 Firefox: Security Vulnerabilities fixed in Firefox 99 (CVE-2022-28284)

Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
Apr 5, 2022
Added
Apr 6, 2022
Modified
Jan 30, 2025

Description

SVG's <use> element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with theirs. This vulnerability affects Firefox

Solution

mozilla-firefox-upgrade-99_0
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.