Improper access control in Firefox ESR - CVE-2022-26386

 


Published: March 8, 2022


Vulnerability identifier: #VU61109
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-26386
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Firefox ESR
Software vendor: Mozilla

Description

The vulnerability allows a local user to gain access to a victim's downloads.

The vulnerability exists because the browser stores files in the /tmp folder, which is accessible by all local users. A local user can read files from this folder and gain access to potentially sensitive information.

Note: the vulnerability affects Firefox ESR on macOS and Linux.
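
An added example, not part of the original advisory and not Mozilla's code: a Python check that a user or administrator can run over a shared temporary directory to list their own files that other local accounts are able to read. The function names and sample file names are assumptions made for illustration, and the sample tree is constructed.

```python
import os
import stat
import tempfile


def exposed_files(root, uid=None):
    """List regular files under root, owned by uid, that other users can read."""
    uid = os.getuid() if uid is None else uid
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Other users need search (x) permission on a directory to reach the
        # files inside it, so do not descend into directories closed to them.
        dirnames[:] = [d for d in dirnames
                       if _mode(os.path.join(dirpath, d)) & stat.S_IXOTH]
        for name in filenames:
            mode = _mode(os.path.join(dirpath, name), owner=uid)
            if stat.S_ISREG(mode) and mode & stat.S_IROTH:
                found.append(os.path.join(dirpath, name))
    return sorted(found)


def _mode(path, owner=None):
    """Return st_mode, or 0 if the entry vanished or belongs to another user."""
    try:
        st = os.lstat(path)
    except OSError:
        return 0  # temp files are often deleted while the scan is running
    return st.st_mode if owner in (None, st.st_uid) else 0


def demo():
    """Run the check on a constructed tree standing in for a shared /tmp."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        private_dir = tempfile.mkdtemp(dir=root)  # mkdtemp creates mode 0700
        samples = (
            (os.path.join(root, "statement.pdf"), 0o644),     # world-readable
            (os.path.join(root, "notes.txt"), 0o600),         # owner-only file
            (os.path.join(private_dir, "report.pdf"), 0o644), # shielded by dir
        )
        for path, mode in samples:
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        return [os.path.relpath(p, root) for p in exposed_files(root)]


if __name__ == "__main__":
    print(demo())
```

The check reads only the classic permission bits, so files exposed or protected through ACLs are not reflected in its output.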


Remediation

Install updates from the vendor's website.
