CVE-2022-34471
First published: Tue Jun 28 2022(Updated: )
When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <102 | 102 |
| <102 | 102 | |
| Mozilla Firefox | <102.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2022-34471?
CVE-2022-34471 is a vulnerability that allows an attacker to downgrade the version of a downloaded Firefox addon update.
How does CVE-2022-34471 work?
CVE-2022-34471 occurs when the downloaded addon update's version is not verified to match the version selected from the manifest, allowing an attacker to trick the browser into downgrading the addon to a prior version.
Which software is affected by CVE-2022-34471?
Mozilla Firefox versions up to and including 102.0 are affected by CVE-2022-34471.
What is the severity of CVE-2022-34471?
CVE-2022-34471 has a severity rating of 6.5, which is considered medium.
How can I fix CVE-2022-34471?
To fix CVE-2022-34471, update Mozilla Firefox to version 102.0 or higher.
- agent/last-modified-date
- agent/first-publish-date
- agent/type
- agent/softwarecombine
- agent/author
- agent/severity
- agent/references
- agent/event
- agent/description
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- agent/tags
- source/Mozilla
- agent/software-canonical-lookup
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla firefox