CVE-2022-42930: 
NixOS vulnerability analysis and mitigation

CVE-2022-42930 is a race condition vulnerability discovered in Firefox's DOM Workers component. The vulnerability was reported by Armin Ebert and fixed in Firefox 106, which was released on October 18, 2022. The issue affects Firefox versions prior to 106, where a data race could occur in the ThirdPartyUtil component when two Workers simultaneously initialized their CacheStorage (Mozilla Advisory).

The vulnerability manifests when two Worker threads concurrently initialize their CacheStorage. Since CacheStorage is created lazily, the race condition occurs during the first access to the caches global object. The data race specifically happens in the XPCOMService_GetThirdPartyUtil component, affecting the ThirdPartyUtil initialization process. The issue was assigned a moderate severity rating by Mozilla (Mozilla Advisory).

The vulnerability has been classified with moderate severity impact. While the full extent of potential exploitation isn't detailed in public sources, the race condition in the ThirdPartyUtil component could potentially lead to inconsistent states or unexpected behavior in the browser's handling of third-party content (Mozilla Advisory).

The vulnerability was fixed in Firefox version 106. Users and organizations running affected versions of Firefox should upgrade to Firefox 106 or later to mitigate this vulnerability. No specific workarounds were published for users unable to upgrade immediately (Mozilla Advisory).