CVE-2022-45415
HIGH WAF: Medium
CVSS 7.8
Published: 2022-12-22
CWE-434
When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system compromise if the downloaded file was later run. This vulnerability affects Firefox < 107.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | up to 107.0 |
References
- bugzilla.mozilla.org (Issue Tracking, Permissions Required, Vendor Advisory)
- www.mozilla.org (Vendor Advisory)