Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2022-34478

Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them.<br>This bug only affects Thunderbird on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Vendors

  • Mozilla

Products

  • Firefox,
  • Firefox ESR,
  • Thunderbird

Exploited in the Wild

Reported by:

Additional Info

Technical Analysis