{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-31743", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "dateUpdated": "2024-08-03T07:26:01.191Z", "dateReserved": "2022-05-26T00:00:00", "datePublished": "2022-12-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2022-12-22T00:00:00"}, "descriptions": [{"lang": "en", "value": "Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox < 101."}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"version": "unspecified", "lessThan": "101", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2022-20/"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1747388"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "HTML Parsing incorrectly ended HTML comments prematurely"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:26:01.191Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2022-20/", "tags": ["x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1747388", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "52843F5C-D729-47F6-AAAF-7BAFCE67D91F", "versionEndExcluding": "101.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox < 101."}, {"lang": "es", "value": "El analizador HTML de Firefox no interpret\u00f3 correctamente las etiquetas de comentarios HTML, lo que provoc\u00f3 una incongruencia con otros navegadores. Esto podr\u00eda haberse utilizado para escapar de los comentarios HTML en p\u00e1ginas que contienen datos controlados por el usuario. Esta vulnerabilidad afecta a Firefox &lt; 101."}], "id": "CVE-2022-31743", "lastModified": "2024-11-21T07:05:12.990", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-22T20:15:29.517", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1747388"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-20/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1747388"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-20/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}