cbcvebase.
CVE-2022-29916
published 2022-12-22


Priority: P4 29
Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS: 0.72% (49.5th percentile)

Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.

Affected

17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 100.0-1 (sid) | firefox 100.0-1 (sid) |
| debian | firefox-esr | < firefox 100.0-1 (sid) | firefox 100.0-1 (sid) |
| debian | thunderbird | < firefox 100.0-1 (sid) | firefox 100.0-1 (sid) |
| mozilla | firefox | < 100.0 | 100.0 |
| mozilla | firefox | | |
| mozilla | firefox | >= unspecified < 100 | 100 |
| mozilla | firefox_esr | < 91.9 | 91.9 |
| mozilla | firefox_esr | >= unspecified < 91.9 | 91.9 |
| mozilla | thunderbird | < 91.9 | 91.9 |
| mozilla | thunderbird | >= 0 < 1:91.9.0-1~deb11u1 | 1:91.9.0-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:91.9.0-1 | 1:91.9.0-1 |
| mozilla | thunderbird | >= 0 < 1:91.9.0-1 | 1:91.9.0-1 |
| mozilla | thunderbird | >= 0 < 1:91.9.0-1 | 1:91.9.0-1 |
| mozilla | thunderbird | >= 0 < 1:91.9.1+build1-0ubuntu0.18.04.1 | 1:91.9.1+build1-0ubuntu0.18.04.1 |
| mozilla | thunderbird | >= 0 < 1:91.9.1+build1-0ubuntu0.20.04.1 | 1:91.9.1+build1-0ubuntu0.20.04.1 |
| mozilla | thunderbird | >= 0 < 1:91.9.1+build1-0ubuntu0.22.04.1 | 1:91.9.1+build1-0ubuntu0.22.04.1 |
| mozilla | thunderbird | >= unspecified < 91.9 | 91.9 |

CVSS provenance

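| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| osv | | 6.5 | MEDIUM | |
| vendor_debian | | 6.5 | MEDIUM | |
| vendor_redhat | | 6.5 | MEDIUM | |
| vendor_ubuntu | | 4.3 | MEDIUM | |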