CVE-2022-29915 — Origin Validation Error in Mozilla Firefox

CWE-346 — Origin Validation Error6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 67.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedDec 22

Description

The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects. This vulnerability affects Firefox < 100.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

▶debiandebian/firefox< firefox 100.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 100

▶NVDmozilla/firefox< 100.0

▶Ubuntumozilla/firefox< 100.0+build2-0ubuntu0.18.04.1+1

▶mozillamozilla/firefox

🔴Vulnerability Details

GHSA

GHSA-r7fp-wxjp-2rf9: The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects↗2022-12-22

▶

OSV

CVE-2022-29915: The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects↗2022-05-07

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2022-05-11

▶

Debian

CVE-2022-29915: firefox - The Performance API did not properly hide the fact whether a request cross-origi...↗2022

▶

Mozilla

Mozilla Foundation Security Advisory 2022-16: CVE-2022-29915↗

▶