CVE-2022-34478
First published: Tue Jun 28 2022(Updated: )
The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Firefox), so in this release Firefox has blocked these protocols from prompting the user to open them.This bug only affects Firefox on Windows. Other operating systems are unaffected.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox ESR | <91.11 | 91.11 |
| <102 | 102 | |
| <91.11 | 91.11 | |
| <102 | 102 | |
| <91.11 | 91.11 | |
| Mozilla Firefox | <102.0 | |
| Mozilla Firefox ESR | <91.11 | |
| Mozilla Thunderbird | <91.11 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1773717
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/
- https://www.mozilla.org/security/advisories/mfsa2022-24/
- https://www.mozilla.org/security/advisories/mfsa2022-25/
- https://www.mozilla.org/security/advisories/mfsa2022-26/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- collector/mozilla-advisory
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/severity
- agent/references
- agent/author
- agent/description
- source/Mozilla
- agent/software-canonical-lookup
- agent/event
- agent/software-canonical-lookup-request
- agent/tags
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla firefox esr
- canonical/mozilla thunderbird
- canonical/mozilla firefox
- vendor/microsoft
- canonical/microsoft windows