PT-2022-1400 · Mozilla+10 · Thunderbird+12
Alesandro Ortiz
·
Published
2022-01-11
·
Updated
2024-12-12
·
CVE-2022-22748
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Firefox ESR versions 91.4 and earlier
Firefox versions 95 and earlier
Thunderbird versions 91.4 and earlier
Description
The issue is related to the incorrect handling of user data, allowing a remote attacker to perform a spoofing attack when requesting to launch a program and handling an external URL protocol. Malicious websites could confuse Firefox into showing the wrong origin.
Recommendations
For Firefox ESR versions 91.4 and earlier, update to version 91.5 or later.
For Firefox versions 95 and earlier, update to version 96 or later.
For Thunderbird versions 91.4 and earlier, update to version 91.5 or later.
Exploit
Fix
UI Misrepresentation of Critical Information
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Thunderbird
Ubuntu