UBUNTU-CVE-2022-45419
- Source
- https://ubuntu.com/security/CVE-2022-45419
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-45419.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-45419
- Upstream
- Downstream
- Related
- Published
- 2022-11-16T00:00:00Z
- Modified
- 2025-07-18T16:49:39Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS connection with a server that used that certificate, and then deleted the exception, Firefox would have kept the connection alive, making it seem like the certificate was still trusted. This vulnerability affects Firefox < 107.
- References
Affected packages
Ubuntu:Pro:18.04:LTS / mozjs52
Package
- Name
- mozjs52
- Purl
- pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source&distro=esm-infra/bionic
Ubuntu:Pro:18.04:LTS / mozjs38
Package
- Name
- mozjs38
- Purl
- pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source&distro=esm-apps/bionic
Ubuntu:Pro:20.04:LTS / mozjs68
Package
- Name
- mozjs68
- Purl
- pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source&distro=esm-infra/focal
Ubuntu:Pro:20.04:LTS / mozjs52
Package
- Name
- mozjs52
- Purl
- pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source&distro=esm-apps/focal
Ubuntu:22.04:LTS / mozjs78
Package
- Name
- mozjs78
- Purl
- pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source&distro=jammy