CVE-2023-5722: Observable Discrepancy in Mozilla Firefox

Severity: 5.3 MEDIUM (NVD) | 4.3 (OSV)
EPSS: 0.2% (top 62.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 25 | Latest update Nov 14

Description

Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (3 packages)

CVEListV5 | mozilla/firefox | unspecified | 119
NVD | mozilla/firefox | < 119.0
Ubuntu | mozilla/firefox | < 119.0+build2-0ubuntu0.20.04.1+1

🔴 Vulnerability Details (5)

OSV | firefox regressions | 2023-11-14
OSV | firefox vulnerabilities | 2023-10-30
OSV | CVE-2023-5722: Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header | 2023-10-25
GHSA | GHSA-3cw5-74j7-6q4r: Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header | 2023-10-25
CVEList | CVE-2023-5722: Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header | 2023-10-24

📋 Vendor Advisories (4)

Ubuntu | Firefox regressions | 2023-11-14
Ubuntu | Firefox vulnerabilities | 2023-10-30
Debian | CVE-2023-5722: firefox - Using iterative requests an attacker was able to learn the size of an opaque res... | 2023
Mozilla | Mozilla Foundation Security Advisory 2023-45: CVE-2023-5722