CVE-2022-42929: A browser may shut down if a site calls window.print(), which may persist beyond browser restart.

It is especially dangerous if the user has session restore enabled, as this will cause any instance of the print() vulnerability to persist across browser restarts. If you use any printing functionality in your website, be sure to validate user input on every single print() call to ensure that no persistent XSS is being executed.

HTML Injection Vulnerability

A vulnerability in HTML (Hypertext Markup Language)-enabled browsers allows a malicious user to execute a persistent XSS on the target website.
If the vulnerability is exploited, it will allow an attacker to have full access to the victim's browser and take control of the session. The severity of this vulnerability is high because it allows an attacker to persistently hijack the browser without any action from the victim, meaning that any other attack launched by the attacker could be executed with full control of the browser.

Timeline

Published on: 12/22/2022 20:15:00 UTC
Last modified on: 01/04/2023 02:43:00 UTC
