CVE-2022-34471
Summary
| CVE | CVE-2022-34471 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-12-22 20:15:00 UTC |
| Updated | 2023-01-04 16:04:00 UTC |
| Description | When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This vulnerability affects Firefox < 102. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Access Denied | MISC | bugzilla.mozilla.org | |
| Security Vulnerabilities fixed in Firefox 102 — Mozilla | MISC | www.mozilla.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 198849 Ubuntu Security Notification for Firefox Vulnerabilities (USN-5504-1)
- 376705 Mozilla Firefox Multiple Vulnerabilities (MFSA2022-24)
- 502853 Alpine Linux Security Update for firefox
- 505737 Alpine Linux Security Update for firefox
- 710582 Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202208-08)
- 752583 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:3273-1)
- 752590 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:3272-1)
- 752611 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:3396-1)