Published: 22/12/2022 Updated: 03/01/2023

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 0

When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox
mozilla firefox_esr
mozilla thunderbird

Mozilla Foundation Security Advisory 2022-32 Security Vulnerabilities fixed in Thunderbird 1021 Announced July 28, 2022 Impact moderate Products Thunderbird Fixed in Thunderbird 1021 ...

Mozilla Foundation Security Advisory 2022-28 Security Vulnerabilities fixed in Firefox 103 Announced July 26, 2022 Impact moderate Products Firefox Fixed in Firefox 103 ...

Mozilla Foundation Security Advisory 2022-30 Security Vulnerabilities fixed in Firefox ESR 1021 Announced July 26, 2022 Impact moderate Products Firefox ESR Fixed in Firefox ESR 1021 ...

CWE-427 https://www.mozilla.org/security/advisories/mfsa2022-30/https://www.mozilla.org/security/advisories/mfsa2022-32/https://www.mozilla.org/security/advisories/mfsa2022-28/https://bugzilla.mozilla.org/show_bug.cgi?id=1773894 https://nvd.nist.gov https://www.mozilla.org/en-US/security/advisories/mfsa2022-32/

CVE-2022-36314

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect