{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-42929", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "dateUpdated": "2025-04-15T15:32:55.455Z", "dateReserved": "2022-10-14T00:00:00.000Z", "datePublished": "2022-12-22T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "106", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "102.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "102.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "If a website called <code>window.print()</code> in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4."}]}], "problemTypes": [{"descriptions": [{"description": "Denial of Service via window.print", "lang": "en", "type": "text"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1789439"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-44/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-45/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-46/"}], "credits": [{"lang": "en", "value": "Andrei Enache"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2023-09-13T10:36:47.776Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:19:05.571Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1789439", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-44/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-45/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-46/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-15T15:32:51.646379Z", "id": "CVE-2022-42929", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T15:32:55.455Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "181587B4-3F8B-4B6F-8791-0323506EC07F", "versionEndExcluding": "106.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "580471D3-4C6C-4B73-A8DF-1823E1B2C683", "versionEndExcluding": "102.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "A311D0A5-0DA7-4C09-8C3D-3CBBF0273284", "versionEndExcluding": "102.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4."}, {"lang": "es", "value": "Si un sitio web se llama 'window.print()' de una manera particular, podr\u00eda causar una denegaci\u00f3n de servicio del navegador, que puede persistir m\u00e1s all\u00e1 del reinicio del navegador dependiendo de la configuraci\u00f3n de restauraci\u00f3n de sesi\u00f3n del usuario. Esta vulnerabilidad afecta a Firefox &lt; 106, Firefox ESR &lt; 102.4 y Thunderbird &lt; 102.4."}], "id": "CVE-2022-42929", "lastModified": "2025-04-15T16:15:19.930", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-12-22T20:15:40.577", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1789439"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-44/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-45/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-46/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1789439"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-44/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-45/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-46/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrei Enache as the original reporter.", "affected_release": [{"advisory": "RHSA-2022:7069", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:102.4.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-10-20T00:00:00Z"}, {"advisory": "RHSA-2022:7184", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:102.4.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-10-25T00:00:00Z"}, {"advisory": "RHSA-2022:7070", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:102.4.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-10-20T00:00:00Z"}, {"advisory": "RHSA-2022:7190", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:102.4.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-10-25T00:00:00Z"}, {"advisory": "RHSA-2022:7066", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "firefox-0:102.4.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-10-20T00:00:00Z"}, {"advisory": "RHSA-2022:7183", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "thunderbird-0:102.4.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-10-25T00:00:00Z"}, {"advisory": "RHSA-2022:7068", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "firefox-0:102.4.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-10-20T00:00:00Z"}, {"advisory": "RHSA-2022:7182", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "thunderbird-0:102.4.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-10-25T00:00:00Z"}, {"advisory": "RHSA-2022:7072", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "firefox-0:102.4.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-10-20T00:00:00Z"}, {"advisory": "RHSA-2022:7181", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "thunderbird-0:102.4.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-10-25T00:00:00Z"}, {"advisory": "RHSA-2022:7071", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:102.4.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-10-20T00:00:00Z"}, {"advisory": "RHSA-2022:7178", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:102.4.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-10-25T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Denial of Service via window.print", "id": "2136158", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136158"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-400", "details": ["If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.", "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a website called `window.print()` causing a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings."], "name": "CVE-2022-42929", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2022-10-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-42929\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-42929\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-45/#CVE-2022-42929\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42929"], "threat_severity": "Moderate"}