PT-2021-7889 · Mozilla+9 · Firefox Esr+11

Matthias Zoellner

Published

2021-12-14

Updated

2024-12-12

CVE-2022-46874

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 108 Thunderbird versions prior to 102.6.1 Firefox ESR versions prior to 102.6

Description The issue is related to a file's filename being truncated, potentially leading to user confusion and the execution of malicious code. This could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability is associated with the concealment of important security information.

Recommendations For Firefox versions prior to 108, update to version 108 or later. For Thunderbird versions prior to 102.6.1, update to version 102.6.1 or later. For Firefox ESR versions prior to 102.6, update to version 102.6 or later.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-222

Related Identifiers

ALSA-2022:9065

ALSA-2022:9067

ALSA-2022:9074

ALSA-2022:9080

ALT-PU-2022-3341

ALT-PU-2022-3354

ALT-PU-2022-3356

ALT-PU-2022-3401

ALT-PU-2022-3407

ALT-PU-2022-3410

ALT-PU-2022-3436

ALT-PU-2023-1043

ALT-PU-2023-1137

ALT-PU-2023-1138

ALT-PU-2023-4335

ALT-PU-2023-4336

ALT-PU-2023-5754

ALT-PU-2024-3614

BDU:2023-04817

CESA-2022_9067

CESA-2022_9074

CVE-2022-46874

DLA-3241-1

DLA-3242-1

DSA-5301-1

DSA-5303-1

MGASA-2022-0475

MGASA-2022-0476

MGASA-2022-0484

OESA-2023-1673

OESA-2023-1674

OPENSUSE-SU-2022_4462-1

OPENSUSE-SU-2022_4579-1

OPENSUSE-SU-2022_4636-1

OPENSUSE-SU-2024:12568-1

OPENSUSE-SU-2024:12571-1

OPENSUSE-SU-2024:12577-1

OPENSUSE-SU-2024:14572-1

RHSA-2022:9065

RHSA-2022:9066

RHSA-2022:9067

RHSA-2022:9068

RHSA-2022:9069

RHSA-2022:9070

RHSA-2022:9071

RHSA-2022:9072

RHSA-2022:9074

RHSA-2022:9075

RHSA-2022:9076

RHSA-2022:9077

RHSA-2022:9078

RHSA-2022:9079

RHSA-2022:9080

RHSA-2022:9081

RHSA-2022_9065

RHSA-2022_9067

RHSA-2022_9072

RHSA-2022_9074

RHSA-2022_9079

RHSA-2022_9080

RLSA-2022:9067

SUSE-SU-2022:4460-1

SUSE-SU-2022:4461-1

SUSE-SU-2022:4462-1

SUSE-SU-2022:4579-1

SUSE-SU-2022:4636-1

SUSE-SU-2022_4636-1

USN-5782-1

USN-5782-2

USN-5782-3

USN-5824-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Firefox

Firefox Esr

Linuxmint

Red Hat

Rocky Linux

Suse

Thunderbird

Ubuntu

PT-2021-7889 · Mozilla+9 · Firefox Esr+11

CVE-2022-46874

Weakness Enumeration

Related Identifiers

Affected Products

References · 2306