Main Vulnerability Database Exploits ID:8745 - Exploit for Insufficient UI Warning of Dangerous Operations in Mozilla Firefox and Firefox ESR - CVE-2022-46875

ID:8745 - Exploit for Insufficient UI Warning of Dangerous Operations in Mozilla Firefox and Firefox ESR - CVE-2022-46875

Published: January 16, 2023

Vulnerability identifier: #VU70148

Vulnerability risk: Medium

CVE-ID: CVE-2022-46875

CWE-ID: CWE-357

Exploitation vector: Remote access

Vulnerable software:
Mozilla Firefox
Firefox ESR

Link to public exploit:

https://ssd-disclosure.com/ssd-advisory-macos-mozilla-firefox-download-protections-were-bypassed-by-atloc-ftploc-files

Vulnerability description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to executable file warning is not displayed when downloading .atloc and .ftploc files. A remote attacker can trick the victim into downloading and executing dangerous files.

Note, the vulnerability affects macOS installations only.

Remediation

Install updates from vendor's website.

ID:8745 - Exploit for Insufficient UI Warning of Dangerous Operations in Mozilla Firefox and Firefox ESR - CVE-2022-46875

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human