1. Home
  2. Vulnerabilities
  3. CVE-2022-36314

CVE-2022-36314

CVSS v3.1 5.5 (Medium)
55% Progress
EPSS 0.06 % (24th)
0.06% Progress
Affected Products 4
Advisories 8
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.

Weaknesses
CWE-427
Uncontrolled Search Path Element
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2022-12-22 20:15:34
(21 months ago)
Updated Date
2023-01-03 20:15:13
(20 months ago)

Affected Products

Microsoft

Mozilla

Configuration #1

AND
    CPE23 From Up To
OR  
  Mozilla Firefox prior 103.0 version cpe:2.3:a:mozilla:firefox < 103.0
OR  
  Running on/with
  Mozilla Firefox Esr prior 102.1 version cpe:2.3:a:mozilla:firefox_esr < 102.1
OR  
  Running on/with
  Mozilla Thunderbird prior 102.1 version cpe:2.3:a:mozilla:thunderbird < 102.1
OR  
  Running on/with
  Microsoft Windows cpe:2.3:o:microsoft:windows:-