CVE-2022-45416

Summary

Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 102.5affected
MozillaThunderbirdunspecified < 102.5affected
MozillaFirefoxunspecified < 107affected

Weaknesses

  • Keystroke Side-Channel Leakage

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References