CVE-2022-46875

Summary

The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 108affected
MozillaFirefox ESRunspecified < 102.6affected
MozillaThunderbirdunspecified < 102.6affected

Weaknesses

  • Download Protections were bypassed by .atloc and .ftploc files on Mac OS

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References