Vulnerability Details: CVE-2022-22760
When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
Products affected by CVE-2022-22760
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-22760
- 0.16%: Probability of exploitation activity in the next 30 days
- ~53%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-22760
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2022-22760
- The product generates an error message that includes sensitive information about its environment, users, or associated data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-22760
- https://www.mozilla.org/security/advisories/mfsa2022-04/
  Security Vulnerabilities fixed in Firefox 97 — Mozilla (Vendor Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1740985
  1740985 - (CVE-2022-22760) Detecting whether the content-type of a cross-origin resource is application/javascript through importScripts (Issue Tracking; Vendor Advisory)
- https://www.mozilla.org/security/advisories/mfsa2022-05/
  Security Vulnerabilities fixed in Firefox ESR 91.6 — Mozilla (Vendor Advisory)
- https://www.mozilla.org/security/advisories/mfsa2022-06/
  Security Vulnerabilities fixed in Thunderbird 91.6 — Mozilla (Vendor Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1748503
  1748503 - Detecting whether a URL is blocked (by Tracking Protection or an extension) or not through importScripts (Issue Tracking; Vendor Advisory)