CVE-2022-45415

Published: Dec 22, 2022Modified: Apr 15, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system compromise if the downloaded file was later ran. This vulnerability affects Firefox < 107.

Affected (1)

Products: Mozilla: Firefox

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 107.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (5)

https://bugzilla.mozilla.org/show_bug.cgi?id=1793551

Source: security@mozilla.org

Issue TrackingPermissions RequiredVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2022-47/

Source: security@mozilla.org

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1793551

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPermissions RequiredVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2022-47/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1793551

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Issue TrackingPermissions RequiredVendor Advisory

Timeline

No history available yet.