CVE-2022-31736

Summary

CVE	CVE-2022-31736
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-12-22 20:15:00 UTC
Updated	2023-01-03 20:55:00 UTC
Description	A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

Risk And Classification

Problem Types: NVD-CWE-noinfo

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mozilla	Firefox	All	All	All	All
Application	Mozilla	Firefox Esr	All	All	All	All
Application	Mozilla	Thunderbird	All	All	All	All

References

Reference	Source	Link	Tags
Security Vulnerabilities fixed in Firefox 101 — Mozilla	MISC	www.mozilla.org
Security Vulnerabilities fixed in Firefox ESR 91.10 — Mozilla	MISC	www.mozilla.org
Access Denied	MISC	bugzilla.mozilla.org
Security Vulnerabilities fixed in Thunderbird 91.10 — Mozilla	MISC	www.mozilla.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159874 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-4870)
159877 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-4872)
159878 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-4891)
159879 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-4887)
159932 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-4873)
159948 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-4892)
179347 Debian Security Update for firefox-esr (DSA 5156-1)
179351 Debian Security Update for thunderbird (DLA 3041-1)
179352 Debian Security Update for firefox-esr (DLA 3040-1)
179354 Debian Security Update for thunderbird (DSA 5158-1)
184555 Debian Security Update for firefox-esrthunderbird (CVE-2022-31736)
198829 Ubuntu Security Notification for Firefox Vulnerabilities (USN-5475-1)
198859 Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-5512-1)
240393 Red Hat Update for firefox (RHSA-2022:4872)
240394 Red Hat Update for firefox (RHSA-2022:4870)
240397 Red Hat Update for firefox (RHSA-2022:4876)
240399 Red Hat Update for firefox (RHSA-2022:4873)
240401 Red Hat Update for firefox (RHSA-2022:4875)
240402 Red Hat Update for thunderbird (RHSA-2022:4891)
240405 Red Hat Update for thunderbird (RHSA-2022:4892)
240406 Red Hat Update for thunderbird (RHSA-2022:4889)
240407 Red Hat Update for thunderbird (RHSA-2022:4887)
240408 Red Hat Update for thunderbird (RHSA-2022:4890)
257182 CentOS Security Update for thunderbird (CESA-2022:4891)
257184 CentOS Security Update for firefox (CESA-2022:4870)
354001 Amazon Linux Security Advisory for thunderbird : ALAS2-2022-1828
356189 Amazon Linux Security Advisory for firefox : ALASFIREFOX-2023-011
376643 Mozilla Firefox Multiple Vulnerabilities (MFSA2022-20)
376644 Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2022-21)
376645 Mozilla Thunderbird Multiple Vulnerabilities (MFSA2022-22)
502057 Alpine Linux Security Update for firefox-esr
502380 Alpine Linux Security Update for thunderbird
502686 Alpine Linux Security Update for firefox
504810 Alpine Linux Security Update for firefox-esr
504824 Alpine Linux Security Update for firefox
505448 Alpine Linux Security Update for thunderbird
710582 Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202208-08)
710585 Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202208-14)
752200 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:1927-1)
752204 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:1920-1)
752206 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:1921-1)
753109 SUSE Enterprise Linux Security Update for MozillaThunderbird (SUSE-SU-2022:2062-1)
960141 Rocky Linux Security Update for thunderbird (RLSA-2022:4887)
960145 Rocky Linux Security Update for firefox (RLSA-2022:4872)