github - ghsa-fv4x-hrpq-wqgp

ghsa-fv4x-hrpq-wqgp

Vulnerability from github

Published

2022-12-22 21:30

Modified

2022-12-31 00:30

Severity

6.5 (Medium) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-29916"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-22T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird \u003c 91.9, Firefox ESR \u003c 91.9, and Firefox \u003c 100.",
  "id": "GHSA-fv4x-hrpq-wqgp",
  "modified": "2022-12-31T00:30:23Z",
  "published": "2022-12-22T21:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29916"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1760674"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-16"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-17"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-18"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2022-29916

Vulnerability from cvelistv5

Published

2022-12-22 00:00

Modified

2024-08-03 06:33

Severity

Summary

Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.

References

URL	Tags
https://www.mozilla.org/security/advisories/mfsa2022-16/
https://www.mozilla.org/security/advisories/mfsa2022-18/
https://www.mozilla.org/security/advisories/mfsa2022-17/
https://bugzilla.mozilla.org/show_bug.cgi?id=1760674

Impacted products

Vendor	Product
Mozilla	Thunderbird
Mozilla	Firefox ESR
Mozilla	Firefox

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:33:43.182Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-16/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-18/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-17/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1760674"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "100",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird \u003c 91.9, Firefox ESR \u003c 91.9, and Firefox \u003c 100."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Leaking browser history with CSS variables",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-22T00:00:00",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2022-16/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2022-18/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2022-17/"
        },
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1760674"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2022-29916",
    "datePublished": "2022-12-22T00:00:00",
    "dateReserved": "2022-04-29T00:00:00",
    "dateUpdated": "2024-08-03T06:33:43.182Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.