Internal URL Exposure in Firefox for iOS by Mozilla
CVE-2022-31746

6.5 MEDIUM

Key Information:

Vendor: Mozilla
CVE Published: 22 December 2022

Summary

This vulnerability allows internal URLs to be unintentionally exposed through the Referrer header due to the improper protection of a secret UUID key. As a result, the UUID can be revealed in certain web page contexts, compromising the security of such internal resources. This issue specifically affects versions of Firefox for iOS prior to 102, and users may be at risk if their web requests inadvertently disclose sensitive information.

Affected Version(s)

Firefox for iOS < 102

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
