Vulnerability CVE-2022-22753: Information

Description

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

Severity: HIGH (7.1) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-22753

Published: Dec. 22, 2022

Modified: Dec. 30, 2022

Error type identifier: CWE-367

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
firefox	sisyphus	97.0-alt1	127.0-alt1	ALT-PU-2022-1230-1	295113	Fixed
firefox	p10	105.0.1-alt0.p10.1	118.0.2-alt0.p10.1	ALT-PU-2022-2930-1	307737	Fixed
firefox	p9	105.0.1-alt0.c9.1	105.0.1-alt0.c9.1	ALT-PU-2023-4339-1	319683	Fixed
firefox	c10f1	105.0.1-alt0.p10.1	112.0.2-alt0.p10.1	ALT-PU-2022-2930-1	307737	Fixed
firefox	c9f2	105.0.1-alt0.c9.1	105.0.1-alt0.c9.1	ALT-PU-2023-1139-1	309126	Fixed
firefox	p11	97.0-alt1	126.0.1-alt1	ALT-PU-2022-1230-1	295113	Fixed
firefox-esr	sisyphus	91.6.0-alt1	115.11.0-alt1	ALT-PU-2022-1229-1	295121	Fixed
firefox-esr	p10	91.6.0-alt1	115.11.0-alt1	ALT-PU-2022-1312-1	295122	Fixed
firefox-esr	p9	91.7.0-alt0.p9.1	102.11.0-alt0.c9.1	ALT-PU-2022-1781-1	288073	Fixed
firefox-esr	c10f1	91.6.0-alt1	115.9.1-alt0.c10.1	ALT-PU-2022-1312-1	295122	Fixed
firefox-esr	c9f2	91.6.0-alt0.c9.1	102.12.0-alt0.c9.1	ALT-PU-2022-1313-1	295320	Fixed
firefox-esr	p11	91.6.0-alt1	115.11.0-alt1	ALT-PU-2022-1229-1	295121	Fixed
thunderbird	sisyphus	91.6.0-alt1	115.9.0-alt1	ALT-PU-2022-1268-1	295259	Fixed
thunderbird	p10	91.6.0-alt1	115.9.0-alt1	ALT-PU-2022-1316-1	295262	Fixed
thunderbird	p9	91.6.0-alt0.p9.1	102.11.0-alt0.c9.1	ALT-PU-2022-1783-1	288073	Fixed
thunderbird	c10f1	91.6.0-alt1	115.9.0-alt0.c10.1	ALT-PU-2022-1316-1	295262	Fixed
thunderbird	c9f2	91.6.0-alt0.c9.1	102.11.0-alt0.c9.1	ALT-PU-2022-1311-1	295333	Fixed
thunderbird	p11	91.6.0-alt1	115.9.0-alt1	ALT-PU-2022-1268-1	295259	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1732435	Exploit Issue Tracking Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-06/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-05/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-04/	Vendor Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
  cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Version: v24.5.3

Vulnerability CVE-2022-22753: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1