PT-2022-5666 · Mozilla+9 · Thunderbird+10

Andrew Mccreight

+2

·

Published

2022-11-15

·

Updated

2024-12-12

·

CVE-2022-45416

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox ESR versions prior to 102.5 Thunderbird versions prior to 102.5 Firefox versions prior to 107
Description The issue is related to keyboard events and cache-based timing attacks, such as Prime+Probe, which could potentially reveal pressed keys. This is a security error in Mozilla browsers, including Firefox and Thunderbird, that may allow a remote attacker to disclose protected information.
Recommendations For Firefox ESR versions prior to 102.5, update to version 102.5 or later. For Thunderbird versions prior to 102.5, update to version 102.5 or later. For Firefox versions prior to 107, update to version 107 or later.

Fix

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-254CWE-203

Related Identifiers

ALSA-2022:8547
ALSA-2022:8554
ALSA-2022:8561
ALSA-2022:8580
ALT-PU-2022-3090
ALT-PU-2022-3097
ALT-PU-2022-3099
ALT-PU-2022-3209
ALT-PU-2022-3270
ALT-PU-2022-3340
ALT-PU-2023-1137
ALT-PU-2023-1138
ALT-PU-2023-4335
ALT-PU-2023-4336
ALT-PU-2023-5754
ALT-PU-2024-3614
BDU:2022-07061
CESA-2022_8547
CESA-2022_8552
CESA-2022_8554
CESA-2022_8555
CVE-2022-45416
DLA-3196-1
DLA-3199-1
DSA-5282-1
DSA-5284-1
MGASA-2022-0427
MGASA-2022-0428
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2022_4058-1
OPENSUSE-SU-2022_4085-1
OPENSUSE-SU-2024:12518-1
OPENSUSE-SU-2024:12519-1
OPENSUSE-SU-2024:12532-1
OPENSUSE-SU-2024:14572-1
RHSA-2022:8543
RHSA-2022:8544
RHSA-2022:8545
RHSA-2022:8547
RHSA-2022:8548
RHSA-2022:8549
RHSA-2022:8550
RHSA-2022:8552
RHSA-2022:8553
RHSA-2022:8554
RHSA-2022:8555
RHSA-2022:8556
RHSA-2022:8561
RHSA-2022:8580
RHSA-2022:8979
RHSA-2022:8980
RHSA-2022_8547
RHSA-2022_8552
RHSA-2022_8554
RHSA-2022_8555
RHSA-2022_8561
RHSA-2022_8580
RLSA-2022:8547
RLSA-2022:8554
SUSE-SU-2022:4058-1
SUSE-SU-2022:4083-1
SUSE-SU-2022:4085-1
SUSE-SU-2022:4247-1
USN-5726-1
USN-5824-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Linuxmint
Red Hat
Rocky Linux
Suse
Thunderbird
Ubuntu