PT-2022-4948 · Mozilla+9 · Thunderbird+10

Gijs Kruitbosch · Published 2022-07-26 · Updated 2024-12-12 · CVE-2022-36318

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Firefox ESR versions 91.12 and earlier, except version 91.12
Firefox ESR versions 102.1 and earlier, except version 102.1
Firefox versions 103 and earlier, except version 103
Thunderbird versions 91.12 and earlier, except version 91.12
Thunderbird versions 102.1 and earlier, except version 102.1

Description

The issue arises from visiting directory listings for chrome:// URLs as source text, where some parameters were reflected. This may allow a remote attacker to disclose protected information, modify the appearance of a web page, or conduct phishing attacks.

Recommendations

For Firefox ESR versions 91.12 and earlier, except version 91.12, update to version 91.12 or later.
For Firefox ESR versions 102.1 and earlier, except version 102.1, update to version 102.1 or later.
For Firefox versions 103 and earlier, except version 103, update to version 103 or later.
For Thunderbird versions 91.12 and earlier, except version 91.12, update to version 91.12 or later.
For Thunderbird versions 102.1 and earlier, except version 102.1, update to version 102.1 or later.

Exploit

Fix

XSS

Race Condition

Weakness Enumeration

Related Identifiers

ALSA-2022:5767
ALSA-2022:5774
ALSA-2022:5777
ALT-PU-2022-2306
ALT-PU-2022-2458
ALT-PU-2022-2515
ALT-PU-2022-2929
ALT-PU-2022-2930
ALT-PU-2022-2931
ALT-PU-2023-1137
ALT-PU-2023-1138
ALT-PU-2023-1139
ALT-PU-2023-4335
ALT-PU-2023-4336
ALT-PU-2023-4339
ALT-PU-2023-5754
ALT-PU-2024-3614
BDU:2022-06141
CESA-2022_5773
CESA-2022_5774
CESA-2022_5776
CESA-2022_5777
CVE-2022-36318
DSA-5193-1
DSA-5195-1
MGASA-2022-0271
MGASA-2022-0300
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2022_2611-1
OPENSUSE-SU-2022_2748-1
OPENSUSE-SU-2022_3281-1
OPENSUSE-SU-2022_3396-1
OPENSUSE-SU-2024:12227-1
OPENSUSE-SU-2024:12228-1
OPENSUSE-SU-2024:14572-1
RHSA-2022:5765
RHSA-2022:5766
RHSA-2022:5767
RHSA-2022:5769
RHSA-2022:5770
RHSA-2022:5771
RHSA-2022:5772
RHSA-2022:5773
RHSA-2022:5774
RHSA-2022:5776
RHSA-2022:5777
RHSA-2022:5778
RHSA-2022_5767
RHSA-2022_5773
RHSA-2022_5774
RHSA-2022_5776
RHSA-2022_5777
RHSA-2022_5778
RLSA-2022:5774
RLSA-2022:5777
SUSE-SU-2022:2596-1
SUSE-SU-2022:2602-1
SUSE-SU-2022:2611-1
SUSE-SU-2022:2748-1
SUSE-SU-2022:3272-1
SUSE-SU-2022:3273-1
SUSE-SU-2022:3281-1
SUSE-SU-2022:3396-1
SUSE-SU-2022_2596-1
SUSE-SU-2022_2602-1
SUSE-SU-2022_2611-1
SUSE-SU-2022_2748-1
USN-5536-1
USN-5663-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Linuxmint
Red Hat
Rocky Linux
Suse
Thunderbird
Ubuntu