Vulnerabilities > CVE-2022-38474 - Exposure of Resource to Wrong Sphere vulnerability in Mozilla Firefox

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

mozilla

CWE-668

NVD

Published: 2022-12-22

Updated: 2023-01-03

Summary

A website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not allow the attacker to bypass the permission prompt - it only affects the notification shown once permission has been granted.<br />*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 104.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Firefox 80.0 Mozilla Firefox 83.0 Mozilla Firefox 84.0 Mozilla Firefox 84.1.3 Mozilla Firefox 92.0	5

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References