{"api_version":"1","generated_at":"2026-04-23T05:59:08+00:00","cve":"CVE-2022-45417","urls":{"html":"https://cve.report/CVE-2022-45417","api":"https://cve.report/api/cve/CVE-2022-45417.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-45417","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-45417"},"summary":{"title":"CVE-2022-45417","description":"Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2022-12-22 20:15:00","updated_at":"2023-01-04 19:42:00"},"problem_types":["CWE-1021"],"metrics":[],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1794508","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1794508","refsource":"MISC","tags":[],"title":"Access Denied","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.mozilla.org/security/advisories/mfsa2022-47/","name":"https://www.mozilla.org/security/advisories/mfsa2022-47/","refsource":"MISC","tags":[],"title":"Security Vulnerabilities fixed in Firefox 107 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-45417","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45417","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"45417","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-45417","qid":"199028","title":"Ubuntu Security Notification for Firefox Vulnerabilities (USN-5726-1)"},{"cve":"CVE-2022-45417","qid":"296098","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 52.132.2 Missing (CPUOCT2022)"},{"cve":"CVE-2022-45417","qid":"377768","title":"Mozilla Firefox Multiple Vulnerabilities (MFSA2022-47)"},{"cve":"CVE-2022-45417","qid":"710686","title":"Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202211-06)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2022-45417","ASSIGNER":"security@mozilla.org","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Mozilla","product":{"product_data":[{"product_name":"Firefox","version":{"version_data":[{"version_value":"107","version_affected":"<"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Service Workers in Private Browsing Mode may have been written to disk"}]}]},"references":{"reference_data":[{"url":"https://www.mozilla.org/security/advisories/mfsa2022-47/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2022-47/"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1794508","refsource":"MISC","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1794508"}]},"description":{"description_data":[{"lang":"eng","value":"Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107."}]}},"nvd":{"publishedDate":"2022-12-22 20:15:00","lastModifiedDate":"2023-01-04 19:42:00","problem_types":["CWE-1021"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"107.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}