CVE Vulnerabilities

CVE-2022-46874

Published: Dec 22, 2022 | Modified: Nov 21, 2024
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
8.8 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM

A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.Note: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and Firefox ESR < 102.6.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla * 108.0 (excluding)
Firefox_esr Mozilla * 102.6 (excluding)
Thunderbird Mozilla * 102.6 (excluding)
Firefox Ubuntu bionic *
Firefox Ubuntu focal *
Firefox Ubuntu trusty *
Firefox Ubuntu upstream *
Firefox Ubuntu xenial *
Mozjs38 Ubuntu bionic *
Mozjs38 Ubuntu esm-apps/bionic *
Mozjs38 Ubuntu upstream *
Mozjs52 Ubuntu bionic *
Mozjs52 Ubuntu esm-apps/focal *
Mozjs52 Ubuntu esm-infra/bionic *
Mozjs52 Ubuntu focal *
Mozjs52 Ubuntu upstream *
Mozjs68 Ubuntu focal *
Mozjs68 Ubuntu upstream *
Mozjs78 Ubuntu esm-apps/jammy *
Mozjs78 Ubuntu jammy *
Mozjs78 Ubuntu kinetic *
Mozjs78 Ubuntu lunar *
Mozjs78 Ubuntu upstream *
Mozjs91 Ubuntu jammy *
Mozjs91 Ubuntu upstream *
Thunderbird Ubuntu bionic *
Thunderbird Ubuntu devel *
Thunderbird Ubuntu focal *
Thunderbird Ubuntu jammy *
Thunderbird Ubuntu kinetic *
Thunderbird Ubuntu lunar *
Thunderbird Ubuntu mantic *
Thunderbird Ubuntu noble *
Thunderbird Ubuntu trusty *
Thunderbird Ubuntu xenial *
Red Hat Enterprise Linux 7 RedHat firefox-0:102.6.0-1.el7_9 *
Red Hat Enterprise Linux 7 RedHat thunderbird-0:102.6.0-2.el7_9 *
Red Hat Enterprise Linux 8 RedHat firefox-0:102.6.0-1.el8_7 *
Red Hat Enterprise Linux 8 RedHat thunderbird-0:102.6.0-2.el8_7 *
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions RedHat firefox-0:102.6.0-1.el8_1 *
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions RedHat thunderbird-0:102.6.0-2.el8_1 *
Red Hat Enterprise Linux 8.2 Advanced Update Support RedHat firefox-0:102.6.0-1.el8_2 *
Red Hat Enterprise Linux 8.2 Advanced Update Support RedHat thunderbird-0:102.6.0-2.el8_2 *
Red Hat Enterprise Linux 8.2 Telecommunications Update Service RedHat firefox-0:102.6.0-1.el8_2 *
Red Hat Enterprise Linux 8.2 Telecommunications Update Service RedHat thunderbird-0:102.6.0-2.el8_2 *
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions RedHat firefox-0:102.6.0-1.el8_2 *
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions RedHat thunderbird-0:102.6.0-2.el8_2 *
Red Hat Enterprise Linux 8.4 Extended Update Support RedHat firefox-0:102.6.0-1.el8_4 *
Red Hat Enterprise Linux 8.4 Extended Update Support RedHat thunderbird-0:102.6.0-2.el8_4 *
Red Hat Enterprise Linux 8.6 Extended Update Support RedHat firefox-0:102.6.0-1.el8_6 *
Red Hat Enterprise Linux 8.6 Extended Update Support RedHat thunderbird-0:102.6.0-2.el8_6 *
Red Hat Enterprise Linux 9 RedHat firefox-0:102.6.0-1.el9_1 *
Red Hat Enterprise Linux 9 RedHat thunderbird-0:102.6.0-2.el9_1 *
Red Hat Enterprise Linux 9.0 Extended Update Support RedHat firefox-0:102.6.0-1.el9_0 *
Red Hat Enterprise Linux 9.0 Extended Update Support RedHat thunderbird-0:102.6.0-2.el9_0 *

References