1. Home
  2. Vulnerabilities
  3. CVE-2022-46874

CVE-2022-46874

CVSS v3.1 8.8 (High)
88% Progress
EPSS 1.10 % (85th)
1.10% Progress
Affected Products 3
Advisories 36
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br/>Note: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and Firefox ESR < 102.6.

Weaknesses
CWE-NVD-noinfo
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2022-12-22 20:15:46
(21 months ago)
Updated Date
2023-05-03 12:16:32
(16 months ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox prior 108.0 version cpe:2.3:a:mozilla:firefox < 108.0
  Mozilla Firefox Esr prior 102.6 version cpe:2.3:a:mozilla:firefox_esr < 102.6
  Mozilla Thunderbird prior 102.6 version cpe:2.3:a:mozilla:thunderbird < 102.6