// For flags

CVE-2022-22753

 

Severity Score

7.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

Existía un error de tiempo de verificación de tiempo de uso en el servicio de mantenimiento (actualizador) del que se podía abusar para otorgar a los usuarios acceso de escritura a un directorio arbitrario. Esto podría haberse utilizado para escalar al acceso al SYSTEM.<br>*Este error solo afecta a Firefox en Windows. Otros sistemas operativos no se ven afectados.*. Esta vulnerabilidad afecta a Firefox &lt; 97, Thunderbird &lt; 91.6 y Firefox ESR &lt; 91.6.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-01-07 CVE Reserved
  • 2022-12-22 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • 2024-08-12 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
< 97.0
Search vendor "Mozilla" for product "Firefox" and version " < 97.0"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Mozilla
Search vendor "Mozilla"
Firefox Esr
Search vendor "Mozilla" for product "Firefox Esr"
< 91.6
Search vendor "Mozilla" for product "Firefox Esr" and version " < 91.6"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Mozilla
Search vendor "Mozilla"
Thunderbird
Search vendor "Mozilla" for product "Thunderbird"
< 91.6
Search vendor "Mozilla" for product "Thunderbird" and version " < 91.6"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe