CVE-2022-45415

Summary

When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system compromise if the downloaded file was later ran. This vulnerability affects Firefox < 107.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 107affected

Weaknesses

  • Downloaded file may have been saved with malicious extension

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References