← back
CVE-2022-36316

CVE-2022-36316

CVSS 6.1 MEDIUMEPSS 0.3%CWE-601
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.1EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
22 Dec 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
Mozilla · Firefox

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1768583https://www.mozilla.org/security/advisories/mfsa2022-28/