// For flags

CVE-2022-22748

Mozilla: Spoofed origin on external protocol launch dialog

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Los sitios web maliciosos podrĂ­an haber confundido a Firefox al mostrar el origen incorrecto al solicitar iniciar un programa y manejar un protocolo URL externo. Esta vulnerabilidad afecta a Firefox ESR &lt; 91.5, Firefox &lt; 96 y Thunderbird &lt; 91.5.

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have confused Thunderbird into showing the wrong origin when asking to launch a program and handling an external URL protocol.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-01-07 CVE Reserved
  • 2022-01-13 CVE Published
  • 2024-07-14 EPSS Updated
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
< 96.0
Search vendor "Mozilla" for product "Firefox" and version " < 96.0"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox Esr
Search vendor "Mozilla" for product "Firefox Esr"
< 91.5
Search vendor "Mozilla" for product "Firefox Esr" and version " < 91.5"
-
Affected
Mozilla
Search vendor "Mozilla"
Thunderbird
Search vendor "Mozilla" for product "Thunderbird"
< 91.5
Search vendor "Mozilla" for product "Thunderbird" and version " < 91.5"
-
Affected