CVE-2022-22753

CVSS v3.1 7.1 (High)
EPSS 0.20 % (57th)
Affected Products 4
Advisories 11

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

Weaknesses
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2022-12-22 20:15:17
(21 months ago)
Updated Date
2022-12-29 23:03:01
(20 months ago)

Affected Products


Configuration #1

AND
  OR
    Product                                   CPE23                            From   Up To
    Mozilla Firefox prior 97.0 version        cpe:2.3:a:mozilla:firefox               < 97.0
    Mozilla Firefox Esr prior 91.6 version    cpe:2.3:a:mozilla:firefox_esr           < 91.6
    Mozilla Thunderbird prior 91.6 version    cpe:2.3:a:mozilla:thunderbird           < 91.6
  Running on/with
    Microsoft Windows                         cpe:2.3:o:microsoft:windows:-