CVE-2022-22756 — Code Injection in Mozilla Firefox
Severity
8.8HIGHNVD
EPSS
0.3%
top 49.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 22
Description
If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages9 packages
🔴Vulnerability Details
5OSV▶
CVE-2022-22756: If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable sc↗2022-12-22
GHSA▶
GHSA-34mj-396j-93pr: If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable sc↗2022-12-22
CVEList▶
CVE-2022-22756: If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable sc↗2022-12-22