#VU64761 Improper Authorization in Handler for Custom URL Scheme in Mozilla Firefox - CVE-2022-34478 

 


Published: June 29, 2022


Vulnerability identifier: #VU64761
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-34478
CWE-ID: CWE-939
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Mozilla Firefox
Software vendor: Mozilla

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insecure usage of URI handlers that permit the ms-msdt, search, and search-ms protocols. A remote attacker can trick the victim into clicking a specially crafted link and execute arbitrary code on the system if the victim accepts the browser prompt.

The vulnerability affects Firefox on Windows.
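
As an added example (not part of the advisory and not Mozilla's code), the following Python sketch shows how a mail or web content filter could flag links that use the three schemes named above, normalising case, character references and embedded whitespace before matching. The function names, the set of URL-bearing attributes and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Schemes named in the advisory; URI schemes are case-insensitive.
BLOCKED_SCHEMES = {"ms-msdt", "search", "search-ms"}
URL_ATTRS = {"href", "src", "action", "formaction", "data"}  # assumed attribute set
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.-]*):", re.I)
C0_AND_SPACE = "".join(map(chr, range(0x21)))

def url_scheme(value):
    """Return the lower-cased scheme of a URL string, or None if it has none."""
    # Browsers drop tab/CR/LF anywhere in a URL and trim leading control chars.
    cleaned = re.sub(r"[\t\r\n]", "", value).strip(C0_AND_SPACE)
    match = SCHEME_RE.match(cleaned)
    return match.group(1).lower() if match else None

class SchemeAuditor(HTMLParser):
    """Collects (line, tag, scheme) for every link that uses a blocked scheme."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser has already decoded character references in attribute values.
        attr_map = {k: v or "" for k, v in attrs}
        candidates = [v for k, v in attr_map.items() if k in URL_ATTRS]
        if tag == "meta" and attr_map.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\"]+)", attr_map.get("content", ""), re.I)
            if m:
                candidates.append(m.group(1))
        for candidate in candidates:
            scheme = url_scheme(candidate)
            if scheme in BLOCKED_SCHEMES:
                self.findings.append((self.getpos()[0], tag, scheme))

def audit_html(html_text):
    auditor = SchemeAuditor()
    auditor.feed(html_text)
    auditor.close()
    return auditor.findings

# Constructed sample page; PLACEHOLDER stands in for any handler arguments.
SAMPLE_HTML = """<html><body>
<a href="https://example.com/help">ok</a>
<a href="MS-MSDT:PLACEHOLDER">mixed case</a>
<a href="sea&#x72;ch-ms:PLACEHOLDER">entity-encoded</a>
<iframe src=" se\tarch:PLACEHOLDER"></iframe>
<meta http-equiv="refresh" content="0; url=search-ms:PLACEHOLDER">
<a href="/search:page">relative path, not a scheme</a>
<a href="searching://x">different scheme</a>
</body></html>"""
```

Calling `audit_html(SAMPLE_HTML)` returns one finding per offending element, while the relative path and the look-alike `searching:` scheme are left alone.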


Remediation

Install updates from the vendor's website.
