Main Vulnerability Database Vulnerabilities #VU60372

Time-of-check Time-of-use (TOCTOU) Race Condition in Mozilla Firefox and Firefox ESR - CVE-2022-22753

Published: February 8, 2022

Vulnerability identifier: #VU60372

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-22753

CWE-ID: CWE-367

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox
Firefox ESR

Software vendor:
Mozilla

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the Maintenance (Updater) Service. A local unprivileged user can grant Users write access to an arbitrary directory on the system and execute arbitrary code with SYSTEM privileges.

Note, the vulnerability affects Windows installations only.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/

Time-of-check Time-of-use (TOCTOU) Race Condition in Mozilla Firefox and Firefox ESR - CVE-2022-22753

Description

Remediation

External links

Please verify you're human