CVE-2022-22753
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
Existía un error de tiempo de verificación de tiempo de uso en el servicio de mantenimiento (actualizador) del que se podía abusar para otorgar a los usuarios acceso de escritura a un directorio arbitrario. Esto podría haberse utilizado para escalar al acceso al SYSTEM.<br>*Este error solo afecta a Firefox en Windows. Otros sistemas operativos no se ven afectados.*. Esta vulnerabilidad afecta a Firefox < 97, Thunderbird < 91.6 y Firefox ESR < 91.6.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-01-07 CVE Reserved
- 2022-12-22 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-08-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CAPEC
References (4)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1732435 | 2024-08-03 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.mozilla.org/security/advisories/mfsa2022-04 | 2022-12-29 | |
https://www.mozilla.org/security/advisories/mfsa2022-05 | 2022-12-29 | |
https://www.mozilla.org/security/advisories/mfsa2022-06 | 2022-12-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | < 97.0 Search vendor "Mozilla" for product "Firefox" and version " < 97.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | < 91.6 Search vendor "Mozilla" for product "Firefox Esr" and version " < 91.6" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | < 91.6 Search vendor "Mozilla" for product "Thunderbird" and version " < 91.6" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|