CVE-2022-22756

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-22756

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-22756.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-22756

Downstream

DEBIAN-CVE-2022-22756

DLA-2916-1

DLA-2921-1

DSA-5069-1

DSA-5074-1

OESA-2023-1673

OESA-2023-1674

RHSA-2022:0510

RHSA-2022:0511

RHSA-2022:0512

RHSA-2022:0513

RHSA-2022:0514

RHSA-2022:0535

RHSA-2022:0536

RHSA-2022:0537

RHSA-2022:0538

RHSA-2022:0539

SUSE-SU-2022:0559-1

SUSE-SU-2022:0565-1

SUSE-SU-2022:0676-1

SUSE-SU-2022:0696-1

SUSE-SU-2022:14896-1

UBUNTU-CVE-2022-22756

USN-5284-1

USN-5345-1

openSUSE-SU-2022:0559-1

openSUSE-SU-2024:11837-1

openSUSE-SU-2024:11842-1

openSUSE-SU-2024:14572-1

Related

Published

2022-12-22T20:15:18Z

Modified

2025-08-09T20:01:27Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

References

Affected packages