CVE-2023-5722 in Firefox
Summary
by MITRE • 10/25/2023
Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 08/06/2025
This vulnerability in Firefox versions prior to 119 represents a significant information disclosure issue that exploits timing differences in HTTP response handling to infer sensitive server information. The flaw allows attackers to perform iterative requests against web applications and observe response characteristics that reveal the size of opaque responses and the contents of server-supplied Vary headers. The Vary header is particularly critical as it indicates which request headers influence response variations, making it valuable for understanding server-side caching behavior and application logic. This vulnerability falls under the category of timing-based side-channel attacks where the attacker leverages measurable differences in response times to deduce information about the server's internal state and response structure.
The technical implementation of this vulnerability stems from Firefox's handling of HTTP responses where the browser's request processing and response parsing create measurable timing variations when dealing with opaque responses. When Firefox receives a response with a Vary header, the browser's internal mechanisms for managing cached responses and handling vary parameters create timing discrepancies that can be measured and analyzed by an attacker. These timing differences occur because the browser must process and store varying response characteristics differently based on the Vary header values, creating observable delays that correlate with the actual header content and response size. This behavior violates the principle of consistent response handling that should occur regardless of response content, exposing information that should remain hidden from client-side observation.
The operational impact of this vulnerability extends beyond simple information disclosure to potentially enable more sophisticated attacks against web applications. By learning the size of opaque responses, attackers can perform content-based inference attacks that help determine the nature of server responses without direct access to their contents. The Vary header information disclosure is particularly concerning as it reveals caching strategies and server-side processing logic that could be exploited to bypass security controls or understand application architecture. This vulnerability can be leveraged in conjunction with other attacks to build more comprehensive reconnaissance profiles, making it a valuable tool for threat actors seeking to understand target systems before launching more targeted attacks. The vulnerability affects not just individual users but entire web application ecosystems that rely on proper response handling and caching behavior.
Mitigation strategies for this vulnerability require immediate browser updates to Firefox version 119 or later where the timing discrepancies have been addressed through improved response handling mechanisms. Organizations should implement comprehensive monitoring to detect potential exploitation attempts that might involve iterative request patterns or timing-based reconnaissance. Network administrators should consider implementing rate limiting and connection throttling mechanisms to reduce the effectiveness of iterative attack patterns. The vulnerability aligns with CWE-203, which addresses "Information Exposure Through Discrepancy" and relates to ATT&CK technique T1083, "File and Directory Discovery" and T1592, "Probing" in its operational context. Security teams should also implement proper HTTP response configuration practices that minimize timing variations in response handling and ensure that server-side caching mechanisms properly abstract response characteristics from client-side observation. Additionally, web application firewalls can be configured to detect and block suspicious iterative request patterns that might indicate exploitation attempts.