Keyboard events reference strings like "KeyA" that were...
Moderate severity
Unreviewed
Published
Dec 22, 2022
to the GitHub Advisory Database
•
Updated Jan 28, 2023
Description
Published by the National Vulnerability Database
Dec 22, 2022
Published to the GitHub Advisory Database
Dec 22, 2022
Last updated
Jan 28, 2023
Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
References