CVE-2022-29916: Sensitive Information Exposure in Mozilla Firefox

Severity: 6.5 MEDIUM (NVD), 4.3 (OSV)
EPSS: 0.2% (top 52.07%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 22

Description

Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (8 packages)

CVEListV5 | mozilla/firefox | unspecified | 100
NVD | mozilla/firefox | < 100.0
CVEListV5 | mozilla/firefox_esr | unspecified | 91.9
CVEListV5 | mozilla/thunderbird | unspecified | 91.9

🔴 Vulnerability Details (4)

OSV | CVE-2022-29916: Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables | 2022-12-22
CVEList | CVE-2022-29916: Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables | 2022-12-22
GHSA | GHSA-fv4x-hrpq-wqgp: Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables | 2022-12-22
OSV | thunderbird vulnerabilities | 2022-05-25

📋 Vendor Advisories (7)

Ubuntu | Thunderbird vulnerabilities | 2022-05-25
Ubuntu | Firefox vulnerabilities | 2022-05-11
Red Hat | Mozilla: Leaking browser history with CSS variables | 2022-05-03
Debian | CVE-2022-29916: firefox - Firefox behaved slightly differently for already known resources when loading CS... | 2022
Mozilla | Mozilla Foundation Security Advisory 2022-17: CVE-2022-29916