CVE-2022-31742 log

Severity Medium
Remote Unknown
Type Information disclosure
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals.
Group Package Affected Fixed Severity Status Ticket
AVG-2761 thunderbird 91.9.1-1 91.10-1 High Fixed
AVG-2760 firefox 100.0.2-1 101.0-1 High Fixed