CVE-2022-42929: 
NixOS vulnerability analysis and mitigation

CVE-2022-42929 is a denial of service vulnerability discovered in Mozilla Firefox's window.print() functionality. The vulnerability was reported by Andrei Enache and fixed in Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4, with the official disclosure made on October 18, 2022. The vulnerability affects Firefox versions below 106, Firefox ESR versions below 102.4, and Thunderbird versions below 102.4 (Mozilla Advisory, NVD).

The vulnerability occurs when a website calls the window.print() function in a specific way, which could trigger a denial of service condition in the browser. The issue was particularly problematic because it could be triggered by running two print() calls simultaneously in the console without closing the dialog after the first one, leading to a new browser window opening without any popup permissions. The vulnerability was assigned a moderate severity rating (Mozilla Advisory).

When exploited, this vulnerability could cause a persistent denial of service that may continue even after browser restart, depending on the user's session restore settings. The impact was exacerbated by the fact that new windows would steal focus, making it difficult to stop the browser. In worst-case scenarios, this could lead to a persistent full denial of service of browser functionality (Mozilla Advisory).

The vulnerability was fixed in Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4. Users are advised to update to these versions or newer to mitigate the vulnerability. The fix involved preventing reentrant programmatic print calls and implementing proper error handling when tab-modal print is already open (Mozilla Advisory).