CVE-2022-31736

Critical

A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects…

mozilla·NVD-CWE-noinfo·Published 2022-12-22

CVSS

9.8

EPSS

0.01

KEV

Exploits

cve.orgen

193 chars

A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

NVDen

193 chars

A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

Un sitio web malicioso podría haber aprendido el tamaño de un recurso de origen cruzado que admitiera solicitudes de rango. Esta vulnerabilidad afecta a Thunderbird < 91.10, Firefox < 101 y Firefox ESR < 91.10.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H