{"id":"CVE-2022-29916","details":"Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird \u003c 91.9, Firefox ESR \u003c 91.9, and Firefox \u003c 100.","modified":"2026-03-13T05:48:22.160313Z","published":"2022-12-22T20:15:26.797Z","related":["ALSA-2022:1705","ALSA-2022:1730","MGASA-2022-0162","MGASA-2022-0163","SUSE-RU-2022:1579-1","SUSE-SU-2022:1719-1","SUSE-SU-2022:1731-1","SUSE-SU-2022:1748-1","SUSE-SU-2022:1757-1","openSUSE-SU-2024:12044-1","openSUSE-SU-2024:12045-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1760674"},{"type":"EVIDENCE","url":"https://www.mozilla.org/security/advisories/mfsa2022-16/"},{"type":"EVIDENCE","url":"https://www.mozilla.org/security/advisories/mfsa2022-17/"},{"type":"EVIDENCE","url":"https://www.mozilla.org/security/advisories/mfsa2022-18/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"100.0"}]},{"events":[{"introduced":"0"},{"fixed":"91.9"}]},{"events":[{"introduced":"0"},{"fixed":"91.9"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29916.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}