CVE-2022-22736

2022-12-2220:15:14

Alpine Linux Development Team

security.alpinelinux.org

firefox

privilege escalation

vulnerability

windows

non-default installation

firefox < 96

unix

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.<br>This bug only affects Firefox for Windows in a non-default installation. Other operating systems are unaffected.. This vulnerability affects Firefox < 96.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchfirefox< 97.0-r0UNKNOWN
Alpineedge-communitynoarchlibrewolf< 97.0-r0UNKNOWN
Alpine3.16-communitynoarchfirefox< 97.0-r0UNKNOWN
Alpine3.17-communitynoarchfirefox< 97.0-r0UNKNOWN
Alpine3.18-communitynoarchfirefox< 97.0-r0UNKNOWN
Alpine3.19-communitynoarchfirefox< 97.0-r0UNKNOWN
Alpine3.20-communitynoarchfirefox< 97.0-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	firefox	< 97.0-r0	UNKNOWN
Alpine	edge-community	noarch	librewolf	< 97.0-r0	UNKNOWN
Alpine	3.16-community	noarch	firefox	< 97.0-r0	UNKNOWN
Alpine	3.17-community	noarch	firefox	< 97.0-r0	UNKNOWN
Alpine	3.18-community	noarch	firefox	< 97.0-r0	UNKNOWN
Alpine	3.19-community	noarch	firefox	< 97.0-r0	UNKNOWN
Alpine	3.20-community	noarch	firefox	< 97.0-r0	UNKNOWN