Home > Vulnerability Database > CVE-2022-22756

Mend.io Vulnerability Database

CVE-2022-22756

Date: December 22, 2022

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

Language: SCHEME

Severity Score

8.8

Related Resources (11)

Url: https://security.alpinelinux.org/vuln/CVE-2022-22756

Url: https://github.com/Millak/guix/commit/f1d20dc649943b2fe3934520c3f5c1f8524eac2b

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2022-22756

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-22756

Url: https://access.redhat.com/security/cve/CVE-2022-22756

Url: https://www.mozilla.org/security/advisories/mfsa2022-06/

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1317873

Url: https://www.mozilla.org/security/advisories/mfsa2022-05/

Url: https://www.mozilla.org/security/advisories/mfsa2022-04/

Url: https://security-tracker.debian.org/tracker/CVE-2022-22756

Url: https://www.mend.io/vulnerability-database/CVE-2022-22756

Severity Score

8.8

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-22756

Date: December 22, 2022

Language: SCHEME

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?