First published: Tue Dec 13 2022
The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. *Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Thunderbird | <102.6 | 102.6 |
Mozilla Firefox ESR | <102.6 | 102.6 |
Mozilla Firefox | <108 | 108 |

Affected configuration: any of Mozilla Firefox <108.0, Mozilla Firefox ESR <102.6, or Mozilla Thunderbird <102.6, running on Apple macOS.
CVE-2022-46875 is a vulnerability in Firefox and Thunderbird in which the executable file warning was not shown when downloading .atloc and .ftploc files, which can run commands on a user's computer.
This vulnerability only affects Mac OS operating systems.
Firefox versions below 108 and Firefox ESR versions below 102.6 are affected. Thunderbird versions below 102.6 are also affected.
The severity of CVE-2022-46875 is medium with a CVSS score of 6.5.
Upgrade to Firefox version 108 or higher, Firefox ESR version 102.6 or higher, or Thunderbird version 102.6 or higher to mitigate this vulnerability.