PT-2022-1585 · Mozilla+10 · Thunderbird+12
Luan Herrera · Published 2022-02-08 · Updated 2024-12-12 · CVE-2022-22760
CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 97
Thunderbird versions prior to 91.6
Firefox ESR versions prior to 91.6
Description
The issue is related to how error messages are handled when importing resources using Web Workers, potentially allowing an attacker to distinguish between application/javascript responses and non-script responses, and thus learn information cross-origin. This could be abused to gain unauthorized access to protected information.
Recommendations
For Firefox versions prior to 97, update to version 97 or later.
For Thunderbird versions prior to 91.6, update to version 91.6 or later.
For Firefox ESR versions prior to 91.6, update to version 91.6 or later.
Exploit
Fix
Generation of Error Message Containing Sensitive Information
Information Disclosure
Related Identifiers
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Firefox
Firefox ESR
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Thunderbird
Ubuntu