PT-2022-27998 · Mozilla+3 · Thunderbird+5

Dohyun Lee

·

Published

2022-12-13

·

Updated

2024-12-12

·

CVE-2022-46875

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 108 Firefox ESR versions prior to 102.6 Thunderbird versions prior to 102.6
Description The issue allows executable files, such as .atloc and .ftploc, to be downloaded without presenting a warning, potentially enabling them to run commands on a user's computer. This problem is specific to Mac OS operating systems, with other operating systems being unaffected.
Recommendations For Firefox versions prior to 108, update to version 108 or later. For Firefox ESR versions prior to 102.6, update to version 102.6 or later. For Thunderbird versions prior to 102.6, update to version 102.6 or later.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

ALT-PU-2022-3341
ALT-PU-2022-3354
ALT-PU-2022-3356
ALT-PU-2022-3401
ALT-PU-2022-3407
ALT-PU-2023-1043
ALT-PU-2023-1137
ALT-PU-2023-1138
ALT-PU-2023-4335
ALT-PU-2023-4336
ALT-PU-2023-5754
CVE-2022-46875
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2022_4462-1
OPENSUSE-SU-2022_4579-1
OPENSUSE-SU-2024:12568-1
OPENSUSE-SU-2024:12571-1
OPENSUSE-SU-2024:12577-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2022:4460-1
SUSE-SU-2022:4461-1
SUSE-SU-2022:4462-1
SUSE-SU-2022:4579-1

Affected Products

Alt Linux
Astra Linux
Firefox
Firefox Esr
Suse
Thunderbird