Home > Vulnerability Database > CVE-2022-22753

Mend.io Vulnerability Database

CVE-2022-22753

Date: December 22, 2022

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

Severity Score

4.3

Related Resources (8)

Url: https://security.alpinelinux.org/vuln/CVE-2022-22753

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1732435

Url: https://www.mozilla.org/security/advisories/mfsa2022-06/

Url: https://www.mozilla.org/security/advisories/mfsa2022-05/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2022-22753

Url: https://www.mozilla.org/security/advisories/mfsa2022-04/

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-22753

Url: https://www.mend.io/vulnerability-database/CVE-2022-22753

Severity Score

4.3

Weakness Type (CWE)

Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-367

CVSS v3

Base Score:	4.3
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-22753

Date: December 22, 2022

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3

Do you need more information?