CVE-2022-46874

A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.Note: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and Firefox ESR < 102.6.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	*	108.0 (excluding)
Firefox_esr	Mozilla	*	102.6 (excluding)
Thunderbird	Mozilla	*	102.6 (excluding)
Firefox	Ubuntu	bionic	*
Firefox	Ubuntu	focal	*
Firefox	Ubuntu	trusty	*
Firefox	Ubuntu	upstream	*
Firefox	Ubuntu	xenial	*
Mozjs38	Ubuntu	bionic	*
Mozjs38	Ubuntu	esm-apps/bionic	*
Mozjs38	Ubuntu	upstream	*
Mozjs52	Ubuntu	bionic	*
Mozjs52	Ubuntu	esm-apps/focal	*
Mozjs52	Ubuntu	esm-infra/bionic	*
Mozjs52	Ubuntu	focal	*
Mozjs52	Ubuntu	upstream	*
Mozjs68	Ubuntu	focal	*
Mozjs68	Ubuntu	upstream	*
Mozjs78	Ubuntu	esm-apps/jammy	*
Mozjs78	Ubuntu	jammy	*
Mozjs78	Ubuntu	kinetic	*
Mozjs78	Ubuntu	lunar	*
Mozjs78	Ubuntu	upstream	*
Mozjs91	Ubuntu	jammy	*
Mozjs91	Ubuntu	upstream	*
Thunderbird	Ubuntu	bionic	*
Thunderbird	Ubuntu	devel	*
Thunderbird	Ubuntu	focal	*
Thunderbird	Ubuntu	jammy	*
Thunderbird	Ubuntu	kinetic	*
Thunderbird	Ubuntu	lunar	*
Thunderbird	Ubuntu	mantic	*
Thunderbird	Ubuntu	noble	*
Thunderbird	Ubuntu	trusty	*
Thunderbird	Ubuntu	xenial	*
Red Hat Enterprise Linux 7	RedHat	firefox-0:102.6.0-1.el7_9	*
Red Hat Enterprise Linux 7	RedHat	thunderbird-0:102.6.0-2.el7_9	*
Red Hat Enterprise Linux 8	RedHat	firefox-0:102.6.0-1.el8_7	*
Red Hat Enterprise Linux 8	RedHat	thunderbird-0:102.6.0-2.el8_7	*
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions	RedHat	firefox-0:102.6.0-1.el8_1	*
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions	RedHat	thunderbird-0:102.6.0-2.el8_1	*
Red Hat Enterprise Linux 8.2 Advanced Update Support	RedHat	firefox-0:102.6.0-1.el8_2	*
Red Hat Enterprise Linux 8.2 Advanced Update Support	RedHat	thunderbird-0:102.6.0-2.el8_2	*
Red Hat Enterprise Linux 8.2 Telecommunications Update Service	RedHat	firefox-0:102.6.0-1.el8_2	*
Red Hat Enterprise Linux 8.2 Telecommunications Update Service	RedHat	thunderbird-0:102.6.0-2.el8_2	*
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions	RedHat	firefox-0:102.6.0-1.el8_2	*
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions	RedHat	thunderbird-0:102.6.0-2.el8_2	*
Red Hat Enterprise Linux 8.4 Extended Update Support	RedHat	firefox-0:102.6.0-1.el8_4	*
Red Hat Enterprise Linux 8.4 Extended Update Support	RedHat	thunderbird-0:102.6.0-2.el8_4	*
Red Hat Enterprise Linux 8.6 Extended Update Support	RedHat	firefox-0:102.6.0-1.el8_6	*
Red Hat Enterprise Linux 8.6 Extended Update Support	RedHat	thunderbird-0:102.6.0-2.el8_6	*
Red Hat Enterprise Linux 9	RedHat	firefox-0:102.6.0-1.el9_1	*
Red Hat Enterprise Linux 9	RedHat	thunderbird-0:102.6.0-2.el9_1	*
Red Hat Enterprise Linux 9.0 Extended Update Support	RedHat	firefox-0:102.6.0-1.el9_0	*
Red Hat Enterprise Linux 9.0 Extended Update Support	RedHat	thunderbird-0:102.6.0-2.el9_0	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-46874
CWE	https://cwe.mitre.org/data/definitions/.html

Affected Software

References