Rapid7 Vulnerability & Exploit Database

MFSA2022-17 Firefox: Security Vulnerabilities fixed in Firefox ESR 91.9 (CVE-2022-29916)

Free InsightVM Trial No credit card necessary
Watch Demo See how it all works
Back to Search

MFSA2022-17 Firefox: Security Vulnerabilities fixed in Firefox ESR 91.9 (CVE-2022-29916)

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
05/03/2022
Created
05/05/2022
Added
05/04/2022
Modified
01/04/2023

Description

Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.

Solution(s)

  • mozilla-firefox-esr-upgrade-91_9

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;