CVE-2022-31742 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Unknown
Type	Information disclosure
Description	An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2761	thunderbird	91.9.1-1	91.10-1	High	Fixed
AVG-2760	firefox	100.0.2-1	101.0-1	High	Fixed

References
https://bugzilla.mozilla.org/show_bug.cgi?id=1730434