⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.
CVE-2022-34478 — Open Redirect in Mozilla Firefox
CWE-601 — Open Redirect
CWE-356 — Product UI does not Warn User of Unsafe Actions
10 documents, 7 sources
Severity
6.5 MEDIUM (NVD)
EPSS
0.1%
top 64.63%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published Dec 22
Description
The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them. *This bug only affects Thunderbird on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 102, F…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6
Affected Packages: 6 packages
🔴 Vulnerability Details: 3
GHSA
GHSA-g6c6-9mmh-32cw: The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt (2022-12-22)
CVEList
CVE-2022-34478: The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt (2022-12-22)
📋 Vendor Advisories: 5
Debian
CVE-2022-34478: firefox - The ms-msdt, search, and search-ms protoc... (2022)