{"id":"CVE-2022-31736","details":"A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird \u003c 91.10, Firefox \u003c 101, and Firefox ESR \u003c 91.10.","modified":"2026-04-15T23:59:11.438844188Z","published":"2022-12-22T20:15:27.960Z","related":["SUSE-SU-2022:1920-1","SUSE-SU-2022:1921-1","SUSE-SU-2022:1927-1","SUSE-SU-2022:2062-1","openSUSE-SU-2024:12117-1","openSUSE-SU-2024:12121-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2022-20/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2022-21/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2022-22/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1735923"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-31736.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"101"}]},{"events":[{"introduced":"0"},{"fixed":"91.10"}]},{"events":[{"introduced":"0"},{"fixed":"91.10"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}