CVE-2022-36314

Summary

When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 102.1affected
MozillaFirefoxunspecified < 103affected
MozillaThunderbirdunspecified < 102.1affected

Weaknesses

  • Opening local <code>.lnk</code> files could cause unexpected network loads

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References