CVE-2022-34482
HIGH WAF: Medium
CVSS 8.8
Published: 2022-12-22
CWE-434
An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34483. This vulnerability affects Firefox < 102.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | up to 102.0 |
References
- bugzilla.mozilla.org (Issue Tracking, Permissions Required, Vendor Advisory)
- www.mozilla.org (Vendor Advisory)