ghsa-mhvm-x9qg-34cw
Vulnerability from github
Published
2022-12-22 21:30
Modified
2022-12-30 00:30
Severity
Details
If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
{ "affected": [], "aliases": [ "CVE-2022-22754" ], "database_specific": { "cwe_ids": [ "CWE-863" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2022-12-22T20:15:00Z", "severity": "MODERATE" }, "details": "If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox \u003c 97, Thunderbird \u003c 91.6, and Firefox ESR \u003c 91.6.", "id": "GHSA-mhvm-x9qg-34cw", "modified": "2022-12-30T00:30:42Z", "published": "2022-12-22T21:30:30Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22754" }, { "type": "WEB", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1750565" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2022-04" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2022-05" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2022-06" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ] }
Loading...