PT-2022-7523 · Mozilla · Firefox

Jayateertha Guruprasad +1 · Published 2022-10-03 · Updated 2025-04-18 · CVE-2022-45415

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 107

Description

The issue is related to the handling of HTML file downloads. If the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension. This could lead to possible system compromise if the downloaded file was later executed. The vulnerability is also associated with a lack of restrictions on file uploads, which could allow an attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations

For versions prior to 107, update to version 107 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the 'Save As' feature for HTML files until a patch is applied. Restrict access to downloaded files to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

ALT-PU-2022-3090
ALT-PU-2022-3270
ALT-PU-2023-5754
ALT-PU-2023-6436
ALT-PU-2024-3614
BDU:2024-06949
CVE-2022-45415
OESA-2025-1422
OESA-2025-1423
OPENSUSE-SU-2024:12518-1
OPENSUSE-SU-2024:14572-1
USN-5726-1

Affected Products

Alt Linux
Astra Linux
Firefox
Linuxmint
Ubuntu