CVE-2022-31739
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Al descargar archivos en Windows, el carácter % no se escapaba, lo que podría haber provocado que una descarga se guardara incorrectamente en rutas influenciadas por el atacante que utilizaban variables como %HOMEPATH% o %APPDATA%.<br>*Este error solo afecta Firefox para Windows. Otros sistemas operativos no se ven afectados.*. Esta vulnerabilidad afecta a Thunderbird < 91.10, Firefox < 101 y Firefox ESR < 91.10.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-05-26 CVE Reserved
- 2022-12-22 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.mozilla.org/security/advisories/mfsa2022-20 | 2023-01-04 | |
https://www.mozilla.org/security/advisories/mfsa2022-21 | 2023-01-04 | |
https://www.mozilla.org/security/advisories/mfsa2022-22 | 2023-01-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | < 101 Search vendor "Mozilla" for product "Firefox" and version " < 101" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | < 91.10 Search vendor "Mozilla" for product "Firefox Esr" and version " < 91.10" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | < 91.10 Search vendor "Mozilla" for product "Thunderbird" and version " < 91.10" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|