CVE-2022-22760 — Information Exposure via Error Message in Mozilla Firefox
Severity
6.5MEDIUMNVD
OSV8.8
EPSS
0.2%
top 56.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 22
Latest updateMar 19
Description
When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages9 packages
🔴Vulnerability Details
5CVEList▶
CVE-2022-22760: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script re↗2022-12-22
OSV▶
CVE-2022-22760: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script re↗2022-12-22
GHSA▶
GHSA-mpq8-m953-pwhf: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script re↗2022-12-22