CVE-2022-34478
published 2022-12-22CVE-2022-34478: The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications…
PriorityP277medium6.5CVSS 3.1
AVNACLPRNUIRSUCNIHAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.78%
51.4th percentile
The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them.*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | — | — |
| debian | firefox-esr | — | — |
| debian | thunderbird | — | — |
| mozilla | firefox | < 102.0 | 102.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= unspecified < 102 | 102 |
| mozilla | firefox_esr | < 91.11 | 91.11 |
| mozilla | firefox_esr | >= unspecified < 91.11 | 91.11 |
| mozilla | thunderbird | < 91.11 | 91.11 |
| mozilla | thunderbird | >= unspecified < 102 | 102 |
| mozilla | thunderbird | >= unspecified < 91.11 | 91.11 |
Detection & IOCsextracted from sources · hover to see the quote
- →Block or alert on use of the ms-msdt: URI protocol handler being invoked from browser/email client processes (Firefox, Thunderbird) on Windows ↗
- →Block or alert on use of the search: and search-ms: URI protocol handlers being invoked from browser/email client processes on Windows ↗
- →Scope detection to Windows hosts only; Linux and macOS are not affected by this CVE ↗
- ·Vulnerable versions: Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11. Ensure detections target these unpatched versions. ↗
- ·No in-the-wild exploitation specifically through Thunderbird or Firefox was confirmed at time of disclosure, though the underlying ms-msdt protocol had known exploited vulnerabilities. ↗
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
vulncheck6.5MEDIUM
vendor_redhat7.8HIGH
vendor_debian6.5LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-g6c6-9mmh-32cw: The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt
ghsa_unreviewed·2022-12-22
CVE-2022-34478 [MEDIUM] CWE-601 GHSA-g6c6-9mmh-32cw: The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt
The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them.*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
VulnCheck
Thunderbird for Windows ms-msdt, search, and search-ms Protocols Vulnerability
vulncheck·2022·CVSS 6.5
CVE-2022-34478 [MEDIUM] Thunderbird for Windows ms-msdt, search, and search-ms Protocols Vulnerability
Thunderbird for Windows ms-msdt, search, and search-ms Protocols Vulnerability
The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them.*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Affected: Mozilla Firefox
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or m
Red Hat
Mozilla: Microsoft protocols can be attacked if a user accepts a prompt
vendor_redhat·2022-06-28·CVSS 6.5
CVE-2022-34478 [MEDIUM] CWE-356 Mozilla: Microsoft protocols can be attacked if a user accepts a prompt
Mozilla: Microsoft protocols can be attacked if a user accepts a prompt
The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them.*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of the `ms-msdt`, `search`, and `search-ms` protocols delivering content
Debian
CVE-2022-34478: firefox - The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protoc...
vendor_debian·2022·CVSS 6.5
CVE-2022-34478 [MEDIUM] CVE-2022-34478: firefox - The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protoc...
The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them.*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Scope: local
sid: resolved
Mozilla
Mozilla Foundation Security Advisory 2022-25: CVE-2022-34478
vendor_mozilla·CVSS 6.5
CVE-2022-34478 [MEDIUM] Mozilla Foundation Security Advisory 2022-25: CVE-2022-34478
Mozilla Foundation Security Advisory 2022-25
CVE: CVE-2022-34478
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 91.11
Mozilla
Mozilla Foundation Security Advisory 2022-26: CVE-2022-34478
vendor_mozilla·CVSS 6.5
CVE-2022-34478 [MEDIUM] Mozilla Foundation Security Advisory 2022-26: CVE-2022-34478
Mozilla Foundation Security Advisory 2022-26
CVE: CVE-2022-34478
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 102
Thunderbird 91.11
Mozilla
Mozilla Foundation Security Advisory 2022-24: CVE-2022-34478
vendor_mozilla·CVSS 6.5
CVE-2022-34478 [MEDIUM] Mozilla Foundation Security Advisory 2022-24: CVE-2022-34478
Mozilla Foundation Security Advisory 2022-24
CVE: CVE-2022-34478
Product: Firefox
Impact: moderate
Fixed in: Firefox 102
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1773717https://www.mozilla.org/security/advisories/mfsa2022-24/https://www.mozilla.org/security/advisories/mfsa2022-25/https://www.mozilla.org/security/advisories/mfsa2022-26/https://bugzilla.mozilla.org/show_bug.cgi?id=1773717https://www.mozilla.org/security/advisories/mfsa2022-24/https://www.mozilla.org/security/advisories/mfsa2022-25/https://www.mozilla.org/security/advisories/mfsa2022-26/
2022-12-22
Published
Exploited in the wild