Lucene search
MozillaCVE-2022-22754HistoryDec 22, 2022 - 8:15 p.m.
CVE-2022-22754
2022-12-2220:15:17
CWE-863
mozilla
web.nvd.nist.gov
417
4
cve-2022-22754
extension auto-update
firefox vulnerability
thunderbird vulnerability
auto-update bypass
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
7
Confidence
High
EPSS
0.001
Percentile
41.4%
If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
Affected configurations
Node
mozillafirefoxRange<97.0
ORmozillafirefox_esrRange<91.6
ORmozillathunderbirdRange<91.6
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
| mozilla | firefox_esr | * | cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* |
| mozilla | thunderbird | * | cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Mozilla",
"product": "Firefox",
"versions": [
{
"version": "unspecified",
"lessThan": "97",
"status": "affected",
"versionType": "custom"
}
]
},
{
"vendor": "Mozilla",
"product": "Thunderbird",
"versions": [
{
"version": "unspecified",
"lessThan": "91.6",
"status": "affected",
"versionType": "custom"
}
]
},
{
"vendor": "Mozilla",
"product": "Firefox ESR",
"versions": [
{
"version": "unspecified",
"lessThan": "91.6",
"status": "affected",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
veracode
veracode
Privilege Escalation
2022-02-09 07:00:55
ubuntucve
ubuntucve
CVE-2022-22754
2022-02-09 00:00:00
cvelist
cvelist
CVE-2022-22754
2022-12-22 00:00:00
nvd
nvd
CVE-2022-22754
2022-12-22 20:15:17
alpinelinux
alpinelinux
CVE-2022-22754
2022-12-22 20:15:17
redhatcve
redhatcve
CVE-2022-22754
2022-02-10 19:52:04
cnvd
cnvd
debiancve
debiancve
CVE-2022-22754
2022-12-22 20:15:17
prion
prion
Code injection
2022-12-22 20:15:00
hivepro
hivepro
Multiple vulnerabilities affect Mozilla Firefox and Firefox ESR
2022-02-14 06:10:51
redos
redos
ROS-20220210-01
2022-02-10 00:00:00
nessus
nessus
Debian DLA-2921-1 : thunderbird - LTS security update
2022-02-14 00:00:00
RHEL 8 : thunderbird (RHSA-2022:0539)
2022-02-15 00:00:00
Debian DSA-5069-1 : firefox-esr - security update
2022-02-11 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2022-02-16 00:00:00
firefox security update
2022-02-16 00:00:00
thunderbird security update
2022-02-15 00:00:00
osv
osv
firefox-esr - security update
2022-02-09 00:00:00
thunderbird - security update
2022-02-14 00:00:00
thunderbird - security update
2022-02-13 00:00:00
debian
debian
[SECURITY] [DLA 2921-1] thunderbird security update
2022-02-14 10:07:02
[SECURITY] [DSA 5074-1] thunderbird security update
2022-02-13 16:26:01
[SECURITY] [DLA 2916-1] firefox-esr security update
2022-02-09 19:26:32
redhat
redhat
(RHSA-2022:0511) Important: firefox security update
2022-02-14 08:13:54
(RHSA-2022:0512) Important: firefox security update
2022-02-14 08:14:15
(RHSA-2022:0535) Important: thunderbird security update
2022-02-15 10:03:34
openvas
openvas
Debian: Security Advisory (DLA-2916-1)
2022-02-10 00:00:00
Debian: Security Advisory (DLA-2921-1)
2022-02-16 00:00:00
CentOS: Security Advisory for thunderbird (CESA-2022:0538)
2022-02-16 00:00:00
centos
centos
firefox security update
2022-02-15 22:56:11
thunderbird security update
2022-02-15 22:57:09
almalinux
almalinux
Important: thunderbird security update
2022-02-15 10:03:34
Important: firefox security update
2022-02-14 08:13:38
mageia
mageia
Updated firefox packages fix security vulnerability
2022-02-12 20:31:35
Updated thunderbird packages fix security vulnerabilities
2022-02-12 20:31:35
rocky
rocky
thunderbird security update
2022-02-15 10:03:34
firefox security update
2022-02-14 08:13:38
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 91.6 β Mozilla
2022-02-08 00:00:00
Security Vulnerabilities fixed in Thunderbird 91.6 β Mozilla
2022-02-08 00:00:00
Security Vulnerabilities fixed in Firefox 97 β Mozilla
2022-02-08 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2022-02-10 02:06:53
suse
suse
Security update for MozillaFirefox (important)
2022-03-04 00:00:00
Security update for MozillaThunderbird (important)
2022-02-23 00:00:00
Security update for MozillaFirefox (moderate)
2022-03-03 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 91.6.0-alt1
2022-02-16 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 91.6.0-alt1
2022-02-17 00:00:00
kaspersky
kaspersky
KLA12449 Multiple vulnerabilities in Mozilla Firefox ESR
2022-02-08 00:00:00
KLA12460 Multiple vulnerabilities in Mozilla Thunderbird
2022-02-08 00:00:00
KLA12448 Multiple vulnerabilities in Mozilla Firefox
2022-02-08 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2022-02-14 00:00:00
Thunderbird vulnerabilities
2022-03-23 00:00:00
malwarebytes
malwarebytes
Update now! Firefox and Adobe updates are more critical than Microsoftβs
2022-02-09 12:10:20
amazon
amazon
Important: thunderbird
2022-03-07 23:34:00
Important: thunderbird
2022-07-06 03:17:00
ibm
ibm
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2022-02-21 00:00:00
Mozilla Thunderbird: Multiple Vulnerabilities
2022-08-10 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
7
Confidence
High
EPSS
0.001
Percentile
41.4%
Related for CVE-2022-22754