CVE-2022-45403
First published: Tue Nov 15 2022(Updated: )
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Thunderbird | <102.5 | 102.5 |
| Mozilla Firefox ESR | <102.5 | 102.5 |
| Mozilla Firefox | <107 | 107 |
| Mozilla Firefox | <107.0 | |
| Mozilla Firefox ESR | <102.5 | |
| Mozilla Thunderbird | <102.5 | |
| <107.0 | ||
| <102.5 | ||
| <102.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1762078
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/
- https://www.mozilla.org/security/advisories/mfsa2022-47/
- https://www.mozilla.org/security/advisories/mfsa2022-48/
- https://www.mozilla.org/security/advisories/mfsa2022-49/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2022-45403?
CVE-2022-45403 is a vulnerability that allows Service Workers to infer information about opaque cross-origin responses, potentially leading to the determination of the presence or length of a media file.
What software is affected by CVE-2022-45403?
CVE-2022-45403 affects Firefox ESR versions prior to 102.5, Thunderbird versions prior to 102.5, and Firefox versions prior to 107.0.
How can this vulnerability be exploited?
This vulnerability can be exploited by Service Workers combined with Range requests and timing information for cross-origin media.
What is the severity of CVE-2022-45403?
CVE-2022-45403 has a severity rating of 6.5 (high).
How can I fix CVE-2022-45403?
To fix CVE-2022-45403, update Firefox ESR to version 102.5 or later, Thunderbird to version 102.5 or later, or Firefox to version 107.0 or later.
- collector/mozilla-advisory
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/severity
- source/Mozilla
- agent/software-canonical-lookup
- agent/description
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/mozilla
- canonical/mozilla thunderbird
- canonical/mozilla firefox esr
- canonical/mozilla firefox