PT-2022-3596 · Mozilla+4 · Thunderbird+6

Chaobin Zhang

·

Published

2022-05-31

·

Updated

2024-12-12

·

CVE-2022-31739

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 101 Firefox ESR versions prior to 91.10 Thunderbird versions prior to 91.10
Description The issue arises from the failure to escape the % character when downloading files on Windows, potentially leading to downloads being saved to attacker-influenced paths using variables such as %HOMEPATH% or %APPDATA%. This could result in an attacker being able to influence the path where a file is saved, potentially leading to security issues. The vulnerability is specific to Windows and does not affect other operating systems.
Recommendations For Firefox versions prior to 101, update to version 101 or later to resolve the issue. For Firefox ESR versions prior to 91.10, update to version 91.10 or later to resolve the issue. For Thunderbird versions prior to 91.10, update to version 91.10 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the % character in download paths until a patch is applied.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-73CWE-22

Related Identifiers

ALT-PU-2022-1988
ALT-PU-2022-1995
ALT-PU-2022-1996
ALT-PU-2022-2000
ALT-PU-2022-2006
ALT-PU-2022-2017
ALT-PU-2022-2031
ALT-PU-2022-2044
ALT-PU-2022-2053
ALT-PU-2022-2930
ALT-PU-2023-1139
ALT-PU-2023-4336
ALT-PU-2023-4339
BDU:2022-04380
CVE-2022-31739
OPENSUSE-SU-2022_1920-1
OPENSUSE-SU-2022_2062-1
OPENSUSE-SU-2024:12117-1
OPENSUSE-SU-2024:12121-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2022:1920-1
SUSE-SU-2022:1921-1
SUSE-SU-2022:1927-1
SUSE-SU-2022:2062-1

Affected Products

Alt Linux
Astra Linux
Firefox
Firefox Esr
Suse
Thunderbird
Windows