CVE-2022-22739
Summary
| CVE | CVE-2022-22739 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-12-22 20:15:00 UTC |
| Updated | 2022-12-29 15:47:00 UTC |
| Description | Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Firefox Esr | All | All | All | All |
| Application | Mozilla | Thunderbird | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 1744158 - (CVE-2022-22739) Security: Background page using iframe can show external protocol dialog in other tabs and without throttling | MISC | bugzilla.mozilla.org | |
| Security Vulnerabilities fixed in Firefox 96 — Mozilla | MISC | www.mozilla.org | |
| Security Vulnerabilities fixed in Thunderbird 91.5 — Mozilla | MISC | www.mozilla.org | |
| Security Vulnerabilities fixed in Firefox ESR 91.5 — Mozilla | MISC | www.mozilla.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159590 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-0124)
- 159591 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-0127)
- 159592 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-0129)
- 159593 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-0130)
- 178999 Debian Security Update for firefox-esr (DSA 5044-1)
- 179001 Debian Security Update for thunderbird (DSA 5045-1)
- 179005 Debian Security Update for thunderbird (DLA 2881-1)
- 179006 Debian Security Update for firefox-esr (DLA 2880-1)
- 183786 Debian Security Update for firefox-esrthunderbird (CVE-2022-22739)
- 198631 Ubuntu Security Notification for Firefox Vulnerabilities (USN-5229-1)
- 198641 Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-5248-1)
- 198643 Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-5246-1)
- 239998 Red Hat Update for thunderbird (RHSA-2022:0129)
- 239999 Red Hat Update for firefox (RHSA-2022:0132)
- 240000 Red Hat Update for firefox (RHSA-2022:0126)
- 240001 Red Hat Update for thunderbird (RHSA-2022:0127)
- 240002 Red Hat Update for thunderbird (RHSA-2022:0123)
- 240003 Red Hat Update for thunderbird (RHSA-2022:0128)
- 240005 Red Hat Update for firefox (RHSA-2022:0130)
- 240006 Red Hat Update for firefox (RHSA-2022:0124)
- 240435 Red Hat Update for thunderbird (RHSA-2022:0131)
- 240437 Red Hat Update for firefox (RHSA-2022:0125)
- 257141 CentOS Security Update for thunderbird (CESA-2022:0127)
- 257143 CentOS Security Update for firefox (CESA-2022:0124)
- 296062 Oracle Solaris 11.4 Support Repository Update (SRU) 43.113.3 Missing (CPUJAN2022)
- 353193 Amazon Linux Security Advisory for thunderbird : ALAS2-2022-1763
- 353982 Amazon Linux Security Advisory for thunderbird : ALAS2-2022-1818
- 376235 Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2022-02)
- 376236 Mozilla Thunderbird Multiple Vulnerabilities (MFSA2022-03)
- 376237 Mozilla Firefox Multiple Vulnerabilities (MFSA2022-01)
- 502072 Alpine Linux Security Update for firefox-esr
- 502384 Alpine Linux Security Update for thunderbird
- 502688 Alpine Linux Security Update for firefox
- 505451 Alpine Linux Security Update for thunderbird
- 710574 Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202202-03)
- 710585 Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202208-14)
- 751610 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:0115-1)
- 751625 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:0136-1)
- 751626 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:0137-1)
- 751631 OpenSUSE Security Update for MozillaFirefox (openSUSE-SU-2022:0136-1)
- 751656 OpenSUSE Security Update for MozillaThunderbird (openSUSE-SU-2022:0199-1)
- 753303 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:14880-1)
- 940429 AlmaLinux Security Update for thunderbird (ALSA-2022:0129)
- 940430 AlmaLinux Security Update for firefox (ALSA-2022:0130)
- 960777 Rocky Linux Security Update for thunderbird (RLSA-2022:0129)
- 960821 Rocky Linux Security Update for firefox (RLSA-2022:0130)