CVE-2022-36318

Summary

CVE	CVE-2022-36318
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-12-22 20:15:00 UTC
Updated	2023-01-04 02:21:00 UTC
Description	When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.

Risk And Classification

Problem Types: CWE-362

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mozilla	Firefox	All	All	All	All
Application	Mozilla	Firefox Esr	All	All	All	All
Application	Mozilla	Thunderbird	All	All	All	All

References

Reference	Source	Link	Tags
Security Vulnerabilities fixed in Thunderbird 102.1 — Mozilla	MISC	www.mozilla.org
Access Denied	MISC	bugzilla.mozilla.org
Security Vulnerabilities fixed in Firefox 103 — Mozilla	MISC	www.mozilla.org
Security Vulnerabilities fixed in Firefox ESR 91.12 — Mozilla	MISC	www.mozilla.org
Security Vulnerabilities fixed in Firefox ESR 102.1 — Mozilla	MISC	www.mozilla.org
Security Vulnerabilities fixed in Thunderbird 91.12 — Mozilla	MISC	www.mozilla.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

160004 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-5776)
160005 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-5773)
160007 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-5778)
160008 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-5767)
160010 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-5777)
160013 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-5774)
180902 Debian Security Update for firefox-esr (DSA 5193-1)
180904 Debian Security Update for thunderbird (DSA 5195-1)
181958 Debian Security Update for firefox-esrthunderbird (CVE-2022-36318)
198874 Ubuntu Security Notification for Firefox Vulnerabilities (USN-5536-1)
198977 Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-5663-1)
240568 Red Hat Update for firefox (RHSA-2022:5777)
240569 Red Hat Update for thunderbird (RHSA-2022:5778)
240570 Red Hat Update for firefox (RHSA-2022:5769)
240572 Red Hat Update for thunderbird (RHSA-2022:5772)
240573 Red Hat Update for thunderbird (RHSA-2022:5773)
240574 Red Hat Update for thunderbird (RHSA-2022:5771)
240575 Red Hat Update for thunderbird (RHSA-2022:5774)
240576 Red Hat Update for firefox (RHSA-2022:5767)
240577 Red Hat Update for firefox (RHSA-2022:5765)
240579 Red Hat Update for firefox (RHSA-2022:5776)
257187 CentOS Security Update for thunderbird (CESA-2022:5773)
257188 CentOS Security Update for firefox (CESA-2022:5776)
354078 Amazon Linux Security Advisory for thunderbird : ALAS2-2022-1855
356231 Amazon Linux Security Advisory for firefox : ALASFIREFOX-2023-012
376758 Mozilla Firefox Multiple Vulnerabilities (MFSA2022-28)
376759 Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2022-30)
376760 Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2022-29)
376767 Mozilla Thunderbird Multiple Vulnerabilities (MFSA2022-32)
376768 Mozilla Thunderbird Multiple Vulnerabilities (MFSA2022-31)
502460 Alpine Linux Security Update for firefox-esr
502852 Alpine Linux Security Update for firefox-esr
502854 Alpine Linux Security Update for firefox
505735 Alpine Linux Security Update for firefox-esr
505738 Alpine Linux Security Update for firefox
710582 Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202208-08)
710585 Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202208-14)
752404 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:2596-1)
752406 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:2602-1)
752412 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:2611-1)
752583 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:3273-1)
752590 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:3272-1)
752611 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:3396-1)
753189 SUSE Enterprise Linux Security Update for MozillaThunderbird (SUSE-SU-2022:3281-1)
753337 SUSE Enterprise Linux Security Update for MozillaThunderbird (SUSE-SU-2022:2748-1)
940603 AlmaLinux Security Update for firefox (ALSA-2022:5777)
940604 AlmaLinux Security Update for thunderbird (ALSA-2022:5774)
940620 AlmaLinux Security Update for firefox (ALSA-2022:5767)
960295 Rocky Linux Security Update for thunderbird (RLSA-2022:5774)
960377 Rocky Linux Security Update for firefox (RLSA-2022:5777)