CVE-2022-34474

一、漏洞信息
 漏洞编号：[CVE-2022-34474](https://nvd.nist.gov/vuln/detail/CVE-2022-34474)
 漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)
 漏洞归属的版本：102.15.0,128.10.0,62.0.3,79.0
 CVSS V3.0分值：
  BaseScore：6.1 Medium
  Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 漏洞简述：
  Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102.
 漏洞公开时间：2022-12-23 04:15:32
 漏洞创建时间：2022-06-28 13:34:29
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2022-34474
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| security.mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1677138 |  |
| security.mozilla.org | https://www.mozilla.org/security/advisories/mfsa2022-24/ |  |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=1677138 |  |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mozilla.org/security/advisories/mfsa2022-24/ |  |
| ubuntu | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34474 | https://ubuntu.com/security/CVE-2022-34474 |
| ubuntu | https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34474 | https://ubuntu.com/security/CVE-2022-34474 |
| ubuntu | https://ubuntu.com/security/notices/USN-5504-1 | https://ubuntu.com/security/CVE-2022-34474 |
| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2022-34474 | https://ubuntu.com/security/CVE-2022-34474 |
| ubuntu | https://launchpad.net/bugs/cve/CVE-2022-34474 | https://ubuntu.com/security/CVE-2022-34474 |
| ubuntu | https://security-tracker.debian.org/tracker/CVE-2022-34474 | https://ubuntu.com/security/CVE-2022-34474 |
| debian |  | https://security-tracker.debian.org/tracker/CVE-2022-34474 |
| firefox | https://bugzilla.mozilla.org/show_bug.cgi?id=1677138 | https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/ |
| gentoo |  | https://security.gentoo.org/glsa/202208-08 |
| anolis |  | https://anas.openanolis.cn/cves/detail/CVE-2022-34474 |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  openBrain开源漏洞感知系统
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
|  |  | https://bugzilla.mozilla.org/show_bug.cgi?id=1677138 |  | nvd |
|  |  | https://www.mozilla.org/security/advisories/mfsa2022-24/ |  | nvd |

</details>

二、漏洞分析结构反馈
 影响性分析说明：
  该漏洞在20.03分支由于依赖问题无法修复，其他分支已修复
 openEuler评分：
  6.1
 Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 受影响版本排查(受影响/不受影响)：
  1.openEuler-20.03-LTS-SP4(79.0):受影响
2.master(128.10.0):不受影响
3.openEuler-22.03-LTS-SP3:不受影响
4.openEuler-22.03-LTS-SP4:不受影响
5.openEuler-24.03-LTS:不受影响
6.openEuler-24.03-LTS-Next:不受影响
7.openEuler-24.03-LTS-SP1:不受影响
8.openEuler-24.03-LTS-SP2:

修复是否涉及abi变化(是/否)：
  1.master(128.10.0):否
2.openEuler-20.03-LTS-SP4(79.0):否
3.openEuler-22.03-LTS-SP3:否
4.openEuler-22.03-LTS-SP4:否
5.openEuler-24.03-LTS:否
6.openEuler-24.03-LTS-Next:否
7.openEuler-24.03-LTS-SP1:否
8.openEuler-24.03-LTS-SP2:

原因说明：
  1.openEuler-20.03-LTS-SP4(79.0):暂不修复-待升级版本修复
2.master(128.10.0):不受影响-漏洞代码不能被攻击者触发
3.openEuler-22.03-LTS-SP3:不受影响-漏洞代码不能被攻击者触发
4.openEuler-22.03-LTS-SP4:不受影响-漏洞代码不能被攻击者触发
5.openEuler-24.03-LTS:不受影响-漏洞代码不能被攻击者触发
6.openEuler-24.03-LTS-Next:不受影响-漏洞代码不能被攻击者触发
7.openEuler-24.03-LTS-SP1:不受影响-漏洞代码不能被攻击者触发
8.openEuler-24.03-LTS-SP2:

src-openEuler/firefox

内容风险标识

评论 (8)

src-openEuler/firefox .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2022-34474

评论 (8)

搜索帮助

src-openEuler/firefox