PT-2022-1630 · Mozilla+2 · Thunderbird+4

Seb Patane · Published 2022-02-08 · Updated 2024-12-12 · CVE-2022-22753

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 97
Thunderbird versions prior to 91.6
Firefox ESR versions prior to 91.6

Description

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant users write access to an arbitrary directory, potentially leading to SYSTEM access escalation. This issue only affects Firefox on Windows, with other operating systems being unaffected.

Recommendations

For Firefox versions prior to 97, update to Firefox 97 or later to resolve the issue.
For Thunderbird versions prior to 91.6, update to Thunderbird 91.6 or later to resolve the issue.
For Firefox ESR versions prior to 91.6, update to Firefox ESR 91.6 or later to resolve the issue.

Exploit

Fix

Time Of Check To Time Of Use

Weakness Enumeration

Related Identifiers

ALT-PU-2022-1229
ALT-PU-2022-1230
ALT-PU-2022-1268
ALT-PU-2022-1311
ALT-PU-2022-1312
ALT-PU-2022-1313
ALT-PU-2022-1316
ALT-PU-2022-1781
ALT-PU-2022-1783
ALT-PU-2022-2930
ALT-PU-2023-1139
ALT-PU-2023-4336
ALT-PU-2023-4339
BDU:2022-00871
CVE-2022-22753
OPENSUSE-SU-2022:0559-1
OPENSUSE-SU-2022_0559-1
OPENSUSE-SU-2022_40696-1
OPENSUSE-SU-2024:11837-1
OPENSUSE-SU-2024:11842-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2022:0559-1
SUSE-SU-2022:0565-1
SUSE-SU-2022:0676-1
SUSE-SU-2022:0696-1
SUSE-SU-2022:14896-1
SUSE-SU-2022_0565-1
SUSE-SU-2022_0676-1
SUSE-SU-2022_0696-1
SUSE-SU-2022_14896-1

Affected Products

Alt Linux
Firefox
Firefox Esr
Suse
Thunderbird