CVE-2022-36316

Summary

When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 103affected

Weaknesses

  • Performance API leaked whether a cross-site resource is redirecting

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References