Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-22753
HistoryDec 22, 2022 - 12:00 a.m.

CVE-2022-22753

2022-12-2200:00:00
ubuntu.com
ubuntu.com
28
cve-2022-22753; maintenance service; arbitrary directory access; system access; firefox; thunderbird; firefox esr; vulnerability

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

58.0%

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater)
Service that could be abused to grant Users write access to an arbitrary
directory. This could have been used to escalate to SYSTEM access.<br>This
bug only affects Firefox on Windows. Other operating systems are
unaffected.
. This vulnerability affects Firefox < 97, Thunderbird < 91.6,
and Firefox ESR < 91.6.

Notes

Author Note
tyhicks mozjs contains a copy of the SpiderMonkey JavaScript engine

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

58.0%