CVE-2022-22756

Summary

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 97affected
MozillaThunderbirdunspecified < 91.6affected
MozillaFirefox ESRunspecified < 91.6affected

Weaknesses

  • Drag and dropping an image could have resulted in the dropped object being an executable

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References