Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-22753

Опубликовано: 08 фев. 2022
Источник: redhat
CVSS3: 7.5

Описание

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.
This bug only affects Firefox on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

The Mozilla Foundation Security Advisory describes this flaw as: A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access. This bug only affects Firefox on Windows. Other operating systems are unaffected.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected
Red Hat Enterprise Linux 8firefoxNot affected
Red Hat Enterprise Linux 8thunderbirdNot affected
Red Hat Enterprise Linux 9firefoxNot affected
Red Hat Enterprise Linux 9thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-367
https://bugzilla.redhat.com/show_bug.cgi?id=2053241Mozilla: Privilege Escalation to SYSTEM on Windows via Maintenance Service

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-22753

CVSS3: 7.1
ubuntu
около 3 лет назад

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

nvd логотип

CVE-2022-22753

CVSS3: 7.1
nvd
около 3 лет назад

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

debian логотип

CVE-2022-22753

CVSS3: 7.1
debian
около 3 лет назад

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) S ...

github логотип

GHSA-pr6h-wqwg-8wxx

CVSS3: 7.1
github
около 3 лет назад

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

fstec логотип

BDU:2022-00871

CVSS3: 8.8
fstec
почти 4 года назад

Уязвимость службы Maintenance (Updater) Service браузера Mozilla Firefox, позволяющая нарушителю повысить свои привилегии

7.5 High

CVSS3