Home > Vulnerability Database > CVE-2022-22753

Mend.io Vulnerability Database

CVE-2022-22753

Date: December 22, 2022

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

Severity Score

7.1

Related Resources (8)

Url: https://security.alpinelinux.org/vuln/CVE-2022-22753

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1732435

Url: https://www.mozilla.org/security/advisories/mfsa2022-06/

Url: https://www.mozilla.org/security/advisories/mfsa2022-05/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2022-22753

Url: https://www.mozilla.org/security/advisories/mfsa2022-04/

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-22753

Url: https://www.mend.io/vulnerability-database/CVE-2022-22753

Severity Score

7.1

Weakness Type (CWE)

Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-367

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-22753

Date: December 22, 2022

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?