CVE-2022-22753

Summary

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.<br>This bug only affects Firefox on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 97affected
MozillaThunderbirdunspecified < 91.6affected
MozillaFirefox ESRunspecified < 91.6affected

Weaknesses

  • Privilege Escalation to SYSTEM on Windows via Maintenance Service

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References