CVE-2022-0886 Reject candidate

If you decide to use this candidate, please edit the first paragraph of the description to add a reference to the correct CVE. Details for reference: This candidate was originally reported as a duplicate of CVE-2022-27666. However, when checking the implementation against the specification, it was identified that the issue described in this candidate is different from the issue described in CVE-2022-27666. Therefore, this candidate has been assigned its own reason.

5.1 partial parsing of UTF-8

The 5.1 partial parsing of UTF-8 is a vulnerability that allows for remote code execution. This issue was assigned ID CVE-2022-0886 in October 2016 when it was first discovered and reported to the open source project. The implementation of this candidate also has an additional behavior that allows for a denial-of-service (DoS) attack.

References: CVE-2022-27666:

Vulnerability in Adobe Flash Player: Use-after-free vulnerability

Vulnerability summary

A vulnerability (CVE-2022-0886) in the web browser Mozilla Firefox was discovered that could be used to circumvent security restrictions.

The vulnerability was found in a feature of Firefox's JavaScript engine, which allows cross-origin iframes to be loaded from a domain other than the one in which they are being loaded. This lets malicious sites load iframes containing malicious code without any warning or notification to users.

Products Affected by CVE-2022-0886

The following products are affected by this vulnerability:

- Oracle Database Server OJVM

- Oracle Database Server RAC OJVM
