A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br />Note: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and Firefox ESR < 102.6.

CPENameOperatorVersion
firefoxlt108.0
firefox_esrlt102.6
thunderbirdlt102.6

Name	Operator	Version
firefox	lt	108.0
firefox_esr	lt	102.6
thunderbird	lt	102.6

References

bugzilla.mozilla.org/show_bug.cgi?id=1746139

security.gentoo.org/glsa/202305-06

security.gentoo.org/glsa/202305-13

www.mozilla.org/security/advisories/mfsa2022-51/

www.mozilla.org/security/advisories/mfsa2022-52/

www.mozilla.org/security/advisories/mfsa2022-53/

www.mozilla.org/security/advisories/mfsa2022-54/

slackware 3

ubuntucve 1

mageia 3

cvelist 1

redhatcve 1

cve 1

altlinux 3

nessus 59

openvas 26

alpinelinux 1

nvd 1

mozilla 4

veracode 1

debiancve 1

oraclelinux 6

debian 4

osv 13

rocky 2

redhat 16

almalinux 4

ubuntu 4

ibm 2

kaspersky 3

gentoo 2

amazon 2

photon 1

slackware

[slackware-security] mozilla-thunderbird

2022-12-22 03:47:13

[slackware-security] mozilla-firefox

2022-12-14 21:30:17

[slackware-security] mozilla-thunderbird

2022-12-14 21:30:37

ubuntucve

CVE-2022-46874

2022-12-14 00:00:00

mageia

Updated thunderbird packages fix security vulnerability

2022-12-31 01:39:00

Updated firefox packages fix security vulnerability

2022-12-17 23:37:44

Updated thunderbird packages fix security vulnerability

2022-12-17 23:37:44

cvelist

CVE-2022-46874

2022-12-22 00:00:00

redhatcve

CVE-2022-46874

2022-12-14 16:04:59

cve

CVE-2022-46874

2022-12-22 20:15:46

altlinux

Security fix for the ALT Linux 10 package thunderbird version 102.6.1-alt1

2022-12-29 00:00:00

Security fix for the ALT Linux 10 package thunderbird version 102.6.0-alt1

2022-12-23 00:00:00

Security fix for the ALT Linux 10 package firefox-esr version 102.6.0-alt1

2022-12-22 00:00:00

nessus

SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2022:4636-1)

2022-12-30 00:00:00

Mozilla Thunderbird < 102.6.1

2022-12-22 00:00:00

Slackware Linux 15.0 / current mozilla-thunderbird Vulnerability (SSA:2022-355-01)

2022-12-23 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2022:4636-1)

2022-12-30 00:00:00

Mageia: Security Advisory (MGASA-2022-0484)

2023-01-02 00:00:00

Mozilla Thunderbird Security Advisories (MFSA2022-54, MFSA2022-54) - Windows

2022-12-29 00:00:00

alpinelinux

CVE-2022-46874

2022-12-22 20:15:46

nvd

CVE-2022-46874

2022-12-22 20:15:46

mozilla

Security Vulnerabilities fixed in Thunderbird 102.6.1 — Mozilla

2022-12-20 00:00:00

Security Vulnerabilities fixed in Firefox ESR 102.6 — Mozilla

2022-12-13 00:00:00

Security Vulnerabilities fixed in Thunderbird 102.6 — Mozilla

2022-12-13 00:00:00

veracode

Remote Code Execution

2022-12-15 23:25:36

debiancve

CVE-2022-46874

2022-12-22 20:15:46

oraclelinux

firefox security update

2022-12-16 00:00:00

firefox security update

2022-12-15 00:00:00

firefox security update

2022-12-16 00:00:00

debian

[SECURITY] [DLA 3241-1] firefox-esr security update

2022-12-15 18:16:56

[SECURITY] [DLA 3242-1] thunderbird security update

2022-12-15 18:22:21

[SECURITY] [DSA 5301-1] firefox-esr security update

2022-12-14 18:15:26

osv

thunderbird - security update

2022-12-15 00:00:00

Important: firefox security update

2022-12-15 00:00:00

firefox-esr - security update

2022-12-15 00:00:00

rocky

firefox security update

2022-12-15 15:32:10

thunderbird security update

2023-01-14 01:54:53

redhat

(RHSA-2022:9068) Important: firefox security update

2022-12-15 15:32:46

(RHSA-2022:9069) Important: firefox security update

2022-12-15 15:38:06

(RHSA-2022:9065) Important: firefox security update

2022-12-15 15:31:09

almalinux

Important: firefox security update

2022-12-15 00:00:00

Important: firefox security update

2022-12-15 00:00:00

Important: thunderbird security update

2022-12-15 00:00:00

ubuntu

Firefox vulnerabilities

2022-12-15 00:00:00

Firefox regressions

2023-01-05 00:00:00

Firefox regressions

2023-01-10 00:00:00

ibm

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 102.6ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16

2023-02-15 10:00:54

Security Bulletin: Due to use of Mozilla Firefox, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities.

2023-08-31 11:04:58

kaspersky

KLA20114 Multiple vulnerabilities in Mozilla Firefox ESR

2022-12-13 00:00:00

KLA20115 Multiple vulnerabilities in Mozilla Thunderbird

2022-12-13 00:00:00

KLA20113 Multiple vulnerabilities in Mozilla Firefox

2022-12-13 00:00:00

gentoo

Mozilla Thunderbird: Multiple Vulnerabilities

2023-05-03 00:00:00

Mozilla Firefox: Multiple Vulnerabilities

2023-05-03 00:00:00

amazon

Important: thunderbird

2023-02-17 00:11:00

Important: thunderbird

2023-02-17 00:11:00

photon

Critical Photon OS Security Update - PHSA-2023-5.0-0035

2023-06-22 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.6 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.4%

JSON

Related for PRION:CVE-2022-46874