CVE-2022-34478

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 102 Mozilla Firefox ESR versions prior to 91.11 Thunderbird versions prior to 102 Thunderbird versions prior to 91.11

Description The issue is related to the implementation of protocols that deliver content to Microsoft applications, bypassing the browser. These protocols, including ms-msdt, search, and search-ms, can be exploited by an attacker to execute arbitrary code. The vulnerability is associated with errors in authorization handling for custom URL schemes. It is noted that these applications have had known vulnerabilities exploited in the wild. This issue only affects Thunderbird on Windows, with other operating systems being unaffected.

Recommendations For Mozilla Firefox versions prior to 102, update to version 102 or later. For Mozilla Firefox ESR versions prior to 91.11, update to version 91.11 or later. For Thunderbird versions prior to 102, update to version 102 or later. For Thunderbird versions prior to 91.11, update to version 91.11 or later. As a temporary workaround, consider blocking the ms-msdt, search, and search-ms protocols from prompting the user to open them.