CVE-2022-45413: 
NixOS vulnerability analysis and mitigation

CVE-2022-45413 is a security vulnerability discovered in Firefox for Android that affects versions prior to 107. The vulnerability was disclosed on November 15, 2022, and involves a SameSite cookie bypass issue. Using the S.browserfallbackurl parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent, affecting only Firefox for Android while other operating systems remain unaffected (Mozilla Advisory, NVD).

The vulnerability has a CVSS v3.1 base score of 6.1 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The issue occurs specifically when handling intent URLs on Android, where the S.browserfallbackurl parameter specifies the URL to load when the browser fails to verify the intent. When opening the fallbackurl parameter, the browser didn't properly enforce SameSite cookie restrictions ([Mozilla Bug](https://bugzilla.mozilla.org/showbug.cgi?id=1791201)).

The vulnerability allows attackers to bypass SameSite=Strict cookie protections on Firefox for Android. This could potentially lead to cross-site request forgery (CSRF) attacks by allowing the transmission of cookies that should be restricted to same-site contexts (Mozilla Advisory).

The vulnerability was fixed in Firefox version 107. The fix involves setting proper load flags when handling browserfallbackurl in the Android Components. Users are advised to update to Firefox version 107 or later to mitigate this vulnerability (Mozilla Advisory).