A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1732435 | Exploit Issue Tracking Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2022-04/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2022-05/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2022-06/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
29 Dec 2022, 23:03
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2022-06/ - Vendor Advisory | |
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2022-04/ - Vendor Advisory | |
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2022-05/ - Vendor Advisory | |
References | (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1732435 - Exploit, Issue Tracking, Vendor Advisory | |
First Time |
Mozilla thunderbird
Microsoft windows Microsoft Mozilla Mozilla firefox Mozilla firefox Esr |
|
CPE | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* |
|
CWE | CWE-367 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.1 |
22 Dec 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-22 20:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-22753
Mitre link : CVE-2022-22753
CVE.ORG link : CVE-2022-22753
JSON object : View
Products Affected
mozilla
- firefox_esr
- firefox
- thunderbird
microsoft
- windows
CWE
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition