CVE-2022-22736

If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.<br>*This bug only affects Firefox for Windows in a non-default installation. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96.

CVSS v3 7.0 HIGH

7.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1742692	Exploit Issue Tracking Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-01/	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1742692	Exploit Issue Tracking Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-01/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:47

Type	Values Removed	Values Added
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1742692 - Exploit, Issue Tracking, Vendor Advisory~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1742692 - Exploit, Issue Tracking, Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2022-01/ - Vendor Advisory~~	() https://www.mozilla.org/security/advisories/mfsa2022-01/ - Vendor Advisory

08 Aug 2023, 14:21

Type	Values Removed	Values Added
CWE	~~NVD-CWE-noinfo~~	CWE-427

Information

Published : 2022-12-22 20:15

Updated : 2025-04-16 16:15

NVD link : CVE-2022-22736

Mitre link : CVE-2022-22736

CVE.ORG link : CVE-2022-22736

JSON object : View

Products Affected

mozilla

firefox

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2022-22736", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2022-12-22T20:15:14.153", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1742692", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1742692", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.<br>*This bug only affects Firefox for Windows in a non-default installation. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96."}, {"lang": "es", "value": "Si Firefox se instal\u00f3 en un directorio escribible, podr\u00eda producirse una escalada de privilegios locales cuando Firefox busque librer\u00edas del sistema en el directorio actual. Sin embargo, el directorio de instalaci\u00f3n no es escribible de forma predeterminada.<br>*Este error s\u00f3lo afecta a Firefox para Windows en una instalaci\u00f3n no predeterminada. Otros sistemas operativos no se ven afectados.*. Esta vulnerabilidad afecta a Firefox < 96."}], "lastModified": "2025-04-16T16:15:21.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "473CF696-0664-4239-995D-D4700507DD1A", "versionEndExcluding": "96.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}