1. Home
  2. Vulnerabilities
  3. CVE-2022-34471

CVE-2022-34471

CVSS v3.1 6.5 (Medium)
65% Progress
EPSS 0.08 % (35th)
0.08% Progress
Affected Products 1
Advisories 7
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This vulnerability affects Firefox < 102.

Weaknesses
CWE-NVD-noinfo
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2022-12-22 20:15:31
(21 months ago)
Updated Date
2023-01-04 16:04:16
(20 months ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox prior 102.0 version cpe:2.3:a:mozilla:firefox < 102.0