Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-22756

Опубликовано: 22 дек. 2022
Источник: debian
EPSS Низкий

Описание

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
firefoxfixed97.0-1package
firefox-esrfixed91.6.0esr-1package
thunderbirdfixed1:91.6.0-1package

Примечания

  • https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22756

  • https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22756

  • https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22756

EPSS

Процентиль: 41%
0.00189
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-22756

CVSS3: 8.8
ubuntu
больше 2 лет назад

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

redhat логотип

CVE-2022-22756

CVSS3: 8.8
redhat
больше 3 лет назад

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

nvd логотип

CVE-2022-22756

CVSS3: 8.8
nvd
больше 2 лет назад

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

github логотип

GHSA-34mj-396j-93pr

CVSS3: 8.8
github
больше 2 лет назад

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

fstec логотип

BDU:2022-00808

CVSS3: 7.5
fstec
больше 3 лет назад

Уязвимость функции перетаскивания изображений браузера Mozilla Firefox, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 41%
0.00189
Низкий