CVE-2022-42927

Summary

A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries(). This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 106affected
MozillaFirefox ESRunspecified < 102.4affected
MozillaThunderbirdunspecified < 102.4affected

Weaknesses

  • Same-origin policy violation could have leaked cross-origin URLs

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References