CVE-2022-22753

Published: Dic 22, 2022 Last Modified: Apr 16, 2025 EU-VD ID: EUVD-2022-27896 Aliases: GSD-2022-22753

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,1

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: low

User Interaction: required

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0041

Percentile

0,6th

Updated

EPSS Score Trend (Last 91 Days)

367

Time-of-check Time-of-use (TOCTOU) Race Condition

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Other Non-Repudiation

Potential Impacts:

Alter Execution Logic Unexpected State Modify Application Data Modify Files Or Directories Modify Memory Other Hide Activities

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: Medium

View CWE Details

Application

Firefox Esr by Mozilla

Product Information

Vendor Mozilla

Product Firefox Esr

Version Range Affected

To 91.6 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Firefox by Mozilla

Product Information

Vendor Mozilla

Product Firefox

Version Range Affected

To 97.0 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Thunderbird by Mozilla

Product Information

Vendor Mozilla

Product Thunderbird

Version Range Affected

To 91.6 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://bugzilla.mozilla.org/show_bug.cgi?id=1732435

Exploit Issue Tracking Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1732435

https://www.mozilla.org/security/advisories/mfsa2022-04/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2022-04/

https://www.mozilla.org/security/advisories/mfsa2022-05/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2022-05/

https://www.mozilla.org/security/advisories/mfsa2022-06/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2022-06/

https://bugzilla.mozilla.org/show_bug.cgi?id=1732435

Exploit Issue Tracking Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1732435

https://www.mozilla.org/security/advisories/mfsa2022-04/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2022-04/

https://www.mozilla.org/security/advisories/mfsa2022-05/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2022-05/

https://www.mozilla.org/security/advisories/mfsa2022-06/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2022-06/

CVE-2022-22753

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 91 Days)

Time-of-check Time-of-use (TOCTOU) Race Condition

Common Consequences

Applicable Platforms

Firefox Esr by Mozilla

Product Information

Firefox by Mozilla

Product Information

Thunderbird by Mozilla

Product Information

Iscriviti alla newsletter