CVE-2022-34483

An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34482. This vulnerability affects Firefox < 102.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1335845	Issue Tracking Permissions Required Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-24/	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1335845	Issue Tracking Permissions Required Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-24/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

History

15 Apr 2025, 18:15

Type	Values Removed	Values Added
CWE		CWE-434

21 Nov 2024, 07:09

Type	Values Removed	Values Added
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1335845 - Issue Tracking, Permissions Required, Vendor Advisory~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1335845 - Issue Tracking, Permissions Required, Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2022-24/ - Vendor Advisory~~	() https://www.mozilla.org/security/advisories/mfsa2022-24/ - Vendor Advisory

Information

Published : 2022-12-22 20:15

Updated : 2025-04-15 18:15

NVD link : CVE-2022-34483

Mitre link : CVE-2022-34483

CVE.ORG link : CVE-2022-34483

JSON object : View

Products Affected

mozilla

firefox

CWE

NVD-CWE-noinfo CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2022-34483", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-12-22T20:15:33.930", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1335845", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-24/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1335845", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-24/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34482. This vulnerability affects Firefox < 102."}, {"lang": "es", "value": "Un atacante que podr\u00eda haber convencido a un usuario de arrastrar y soltar una imagen en un sistema de archivos podr\u00eda haber manipulado el nombre del archivo resultante para que contuviera una extensi\u00f3n ejecutable y, por extensi\u00f3n, potencialmente enga\u00f1ar al usuario para que ejecutara c\u00f3digo malicioso. Si bien es muy similar, este es un problema separado de CVE-2022-34482. Esta vulnerabilidad afecta a Firefox < 102."}], "lastModified": "2025-04-15T18:15:42.730", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D117FB2D-9780-4CCE-BAD9-AC6A81500598", "versionEndExcluding": "102.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}

8.8 /10