#VU69330 Input validation error in Mozilla Firefox and Firefox for Android - CVE-2022-45415

 


Published: November 15, 2022


Vulnerability identifier: #VU69330
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-45415
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Mozilla Firefox
Firefox for Android
Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insecure handling of downloaded files. When downloading an HTML file, if the title of the page is formatted as a filename with a malicious extension, Firefox saves the file with that extension, leading to possible system compromise if the downloaded file is later executed.
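
The check this class of bug calls for, as an added sketch that is not Firefox source code and not the vendor's fix: the saved file's extension is dictated by the content type being saved, never by the page title. The function name, the allow-list and the `index` fallback are assumptions made for illustration.

```javascript
// Added illustration; not Firefox source code. All names are hypothetical.
const ALLOWED_HTML_EXTS = new Set(["html", "htm"]);

// Build the save-as filename for an HTML document from its <title>.
// The title may contribute the base name only; the extension is forced.
function htmlSaveName(title) {
  let name = String(title ?? "")
    .replace(/[\u0000-\u001f\u007f]/g, "")  // drop control characters
    .replace(/[\\\/:*?"<>|]/g, "_")         // path separators and reserved characters
    .trim();

  // Windows ignores trailing dots and spaces, so "x.bat. " would land as "x.bat".
  name = name.replace(/[. ]+$/, "");
  if (name === "") name = "index";

  const dot = name.lastIndexOf(".");
  const ext = dot > 0 ? name.slice(dot + 1).toLowerCase() : "";

  // Keep an existing .html/.htm suffix; otherwise append .html, so a title
  // such as "invoice.exe" is saved as "invoice.exe.html".
  return ALLOWED_HTML_EXTS.has(ext) ? name : name + ".html";
}

// Constructed sample titles.
for (const t of ["Quarterly report", "invoice.exe", "setup.bat. ", "a/b.html", ""]) {
  console.log(JSON.stringify(t), "->", htmlSaveName(t));
}
```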


Remediation

Install updates from vendor's website.

External links