Exposure of Resource to Wrong Sphere in Mozilla Firefox and Firefox ESR - CVE-2022-36314
Published: July 26, 2022
Vulnerability identifier: #VU65794
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-36314
CWE-ID: CWE-668
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Mozilla
Affected software:
Mozilla Firefox
Firefox ESR
Mozilla Firefox
Firefox ESR
Detailed vulnerability description
The vulnerability allows an attacker to initiate unintended actions.
The vulnerability exists due to an error when opening .lnk shortcuts on the system. If the shortcut contains a link to an external resource the browser can initiate network requests from the operating system.
The vulnerability affects Windows installations only.
How to mitigate CVE-2022-36314
Install updates from vendor's website.