CVE-2022-29916

Summary

Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdunspecified < 91.9affected
MozillaFirefox ESRunspecified < 91.9affected
MozillaFirefoxunspecified < 100affected

Weaknesses

  • Leaking browser history with CSS variables

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References