CVE-2022-46875
MEDIUM WAF: Low
CVSS 6.5
Published: 2022-12-22
CWE-287
The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer.
*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.
WAF Coverage Analysis
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Affected Software
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | up to 108.0 |
| mozilla | firefox_esr | up to 102.6 |
| mozilla | thunderbird | up to 102.6 |
References
- bugzilla.mozilla.org (Issue Tracking, Permissions Required)
- security.gentoo.org
- security.gentoo.org
- www.mozilla.org (Vendor Advisory)
- www.mozilla.org (Vendor Advisory)
- www.mozilla.org (Vendor Advisory)