PT-2022-5598 · Mozilla+10 · Firefox Esr+12

Anne Van Kesteren

Published

2022-11-15

Updated

2024-12-12

CVE-2022-45403

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 107 Firefox ESR versions prior to 102.5 Thunderbird versions prior to 102.5

Description The issue is related to Service Workers in browsers, which could allow a remote attacker to infer information about the presence or length of a media file by exploiting timing information for cross-origin media combined with Range requests.

Recommendations For Firefox versions prior to 107, update to version 107 or later. For Firefox ESR versions prior to 102.5, update to version 102.5 or later. For Thunderbird versions prior to 102.5, update to version 102.5 or later.

Fix

Information Disclosure

Side Channel Attack

UI Misrepresentation of Critical Information

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-829CWE-200CWE-203CWE-451CWE-416

Related Identifiers

ALSA-2022:8547

ALSA-2022:8554

ALSA-2022:8561

ALSA-2022:8580

ALT-PU-2022-3090

ALT-PU-2022-3097

ALT-PU-2022-3099

ALT-PU-2022-3209

ALT-PU-2022-3270

ALT-PU-2022-3340

ALT-PU-2023-1137

ALT-PU-2023-1138

ALT-PU-2023-4335

ALT-PU-2023-4336

ALT-PU-2023-5754

ALT-PU-2024-3614

BDU:2022-06814

BDU:2022-06815

BDU:2022-06961

CESA-2022_8547

CESA-2022_8552

CESA-2022_8554

CESA-2022_8555

CVE-2022-45403

DLA-3196-1

DLA-3199-1

DSA-5282-1

DSA-5284-1

MGASA-2022-0427

MGASA-2022-0428

OPENSUSE-SU-2022_4058-1

OPENSUSE-SU-2022_4085-1

OPENSUSE-SU-2024:12518-1

OPENSUSE-SU-2024:12519-1

OPENSUSE-SU-2024:12532-1

OPENSUSE-SU-2024:14572-1

RHSA-2022:8543

RHSA-2022:8544

RHSA-2022:8545

RHSA-2022:8547

RHSA-2022:8548

RHSA-2022:8549

RHSA-2022:8550

RHSA-2022:8552

RHSA-2022:8553

RHSA-2022:8554

RHSA-2022:8555

RHSA-2022:8556

RHSA-2022:8561

RHSA-2022:8580

RHSA-2022:8979

RHSA-2022:8980

RHSA-2022_8547

RHSA-2022_8552

RHSA-2022_8554

RHSA-2022_8555

RHSA-2022_8561

RHSA-2022_8580

RLSA-2022:8547

RLSA-2022:8554

SUSE-SU-2022:4058-1

SUSE-SU-2022:4083-1

SUSE-SU-2022:4085-1

SUSE-SU-2022:4247-1

SUSE-SU-2022_4058-1

SUSE-SU-2022_4083-1

SUSE-SU-2022_4247-1

USN-5726-1

USN-5824-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Firefox

Firefox Esr

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Thunderbird

Ubuntu

PT-2022-5598 · Mozilla+10 · Firefox Esr+12

CVE-2022-45403

Weakness Enumeration

Related Identifiers

Affected Products

References · 2022