Lucene search

K
cvelistMozillaCVELIST:CVE-2022-22753
HistoryDec 22, 2022 - 12:00 a.m.

CVE-2022-22753

2022-12-2200:00:00
mozilla
www.cve.org
1
cve-2022-22753
maintenance service
write access
arbitrary directory
escalation
windows
firefox
thunderbird
firefox esr

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.4%

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.<br>This bug only affects Firefox on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

CNA Affected

[
  {
    "vendor": "Mozilla",
    "product": "Firefox",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "97",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Mozilla",
    "product": "Thunderbird",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "91.6",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Mozilla",
    "product": "Firefox ESR",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "91.6",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]