Vulnerability Name: | CVE-2022-45403 (CCN-240123) | ||||||||||||||||||||||||||||||||
Assigned: | 2022-11-15 | ||||||||||||||||||||||||||||||||
Published: | 2022-11-15 | ||||||||||||||||||||||||||||||||
Updated: | 2023-01-04 | ||||||||||||||||||||||||||||||||
Summary: | Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | ||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) 5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
| ||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-829 | ||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Obtain Information | ||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2022-45403 Source: security@mozilla.org Type: Issue Tracking, Permissions Required security@mozilla.org Source: XF Type: UNKNOWN mozilla-firefox-cve202245403-info-disc(240123) Source: CCN Type: IBM Security Bulletin 6849101 (Application Performance Management) Multiple vulnerabilities of Mozilla Firefox (less than Firefox 102.5ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 Source: CCN Type: Mozilla Foundation Security Advisory 2022-47 Security Vulnerabilities fixed in Firefox 107 Source: security@mozilla.org Type: Vendor Advisory security@mozilla.org Source: security@mozilla.org Type: Vendor Advisory security@mozilla.org Source: security@mozilla.org Type: Vendor Advisory security@mozilla.org | ||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration RedHat 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||
BACK |