CVE-2022-22736

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 96

Description The issue is related to the mechanism of loading DLL libraries in the Firefox web browser for Windows. It is associated with the absence of quotes in writing elements or search paths. Exploitation of this issue could allow an attacker to cause a denial of service. If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However, the install directory is not world-writable by default. This bug only affects Firefox for Windows in a non-default installation. Other operating systems are unaffected.

Recommendations For versions prior to 96, update to version 96 or later to resolve the issue. As a temporary workaround, consider restricting access to the directory where Firefox is installed to prevent local privilege escalation. Avoid installing Firefox in a world-writable directory to minimize the risk of exploitation.