CVE-2022-45403 — Observable Discrepancy in Mozilla Firefox
Severity
6.5MEDIUMNVD
OSV8.1
EPSS
0.2%
top 59.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 22
Latest updateFeb 6
Description
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages9 packages
🔴Vulnerability Details
5OSV▶
CVE-2022-45403: Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined wi↗2022-12-22
GHSA▶
GHSA-4p72-6jxp-vmqx: Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined wi↗2022-12-22
CVEList▶
CVE-2022-45403: Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined wi↗2022-12-22
📋Vendor Advisories
7Debian▶
CVE-2022-45403: firefox - Service Workers should not be able to infer information about opaque cross-origi...↗2022