Exposure of Resource to Wrong Sphere in Mozilla Firefox and Firefox ESR - CVE-2022-36314

 

Exposure of Resource to Wrong Sphere in Mozilla Firefox and Firefox ESR - CVE-2022-36314

Published: July 26, 2022


Vulnerability identifier: #VU65794
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-36314
CWE-ID: CWE-668
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Mozilla
Affected software:
Mozilla Firefox
Firefox ESR

Detailed vulnerability description

The vulnerability allows an attacker to initiate unintended actions.

The vulnerability exists due to an error when opening .lnk shortcuts on the system. If the shortcut contains a link to an external resource the browser can initiate network requests from the operating system.

The vulnerability affects Windows installations only.


How to mitigate CVE-2022-36314

Install updates from vendor's website.

Sources