Fluid Attacks Database

Description

Cross Site Scripting (XSS) vulnerability in uBlock Origin extension before 1.41.1 allows remote attackers to run arbitrary code via a spoofed 'MessageSender.url' to the browser renderer process.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	ublock-origin	=1.33.0+dfsg-1 \|\| =1.37.0+dfsg-1 \|\| =1.37.0+dfsg-1~deb10u1 \|\| =1.37.0+dfsg-1~deb11u1 \|\| =1.39.0+dfsg-1 \|\| =1.39.0+dfsg-2 \|\| =1.40.2+dfsg-1 \|\| =1.42.0+dfsg-1~deb10u1 \|\| =1.42.0+dfsg-1~deb9u1 \|\| >=0 <1.42.0+dfsg-1~deb11u1	1.42.0+dfsg-1~deb11u1
debian 12	ublock-origin	>=0 <1.42.0+dfsg-1	1.42.0+dfsg-1
debian 13	ublock-origin	>=0 <1.42.0+dfsg-1	1.42.0+dfsg-1
debian 14	ublock-origin	>=0 <1.42.0+dfsg-1	1.42.0+dfsg-1

Aliases

1. CVE-2022-323082. NVD-2022-323083. OSV-DEBIAN-2022-323084. OSV-2022-323085. SECURITY-TRACKER-CVE-2022-32308