PT-2022-4865 · Mozilla+2 · Thunderbird+4

Akucybersec

·

Published

2022-07-26

·

Updated

2024-12-12

·

CVE-2022-36314

CVSS v2.0

6.4

Medium

VectorAV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 103 Firefox ESR versions prior to 102.1 Thunderbird versions prior to 102.1
Description The issue is related to the disclosure of information in an erroneous data area, potentially allowing a remote attacker to initiate network requests from the operating system. This can occur when opening a Windows shortcut from the local filesystem, where an attacker could supply a remote path, leading to unexpected network requests. The issue specifically affects Firefox for Windows, with other operating systems being unaffected.
Recommendations For Firefox versions prior to 103, update to version 103 or later to resolve the issue. For Firefox ESR versions prior to 102.1, update to version 102.1 or later to resolve the issue. For Thunderbird versions prior to 102.1, update to version 102.1 or later to resolve the issue.

Exploit

Fix

Exposure of Resource to Wrong Sphere

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-668CWE-427

Related Identifiers

ALT-PU-2022-2306
ALT-PU-2022-2458
ALT-PU-2022-2515
ALT-PU-2022-2929
ALT-PU-2022-2930
ALT-PU-2022-2931
ALT-PU-2023-1137
ALT-PU-2023-1138
ALT-PU-2023-1139
ALT-PU-2023-4335
ALT-PU-2023-4336
ALT-PU-2023-4339
ALT-PU-2023-5754
BDU:2022-05989
CVE-2022-36314
OPENSUSE-SU-2022_3281-1
OPENSUSE-SU-2022_3396-1
OPENSUSE-SU-2024:12227-1
OPENSUSE-SU-2024:12228-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2022:3272-1
SUSE-SU-2022:3273-1
SUSE-SU-2022:3281-1
SUSE-SU-2022:3396-1

Affected Products

Alt Linux
Firefox
Firefox Esr
Suse
Thunderbird