CVE-2022-22736

{"id": "CVE-2022-22736", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2022-12-22T20:15:14.153", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1742692", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.<br>*This bug only affects Firefox for Windows in a non-default installation. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96."}, {"lang": "es", "value": "Si Firefox se instal\u00f3 en un directorio escribible, podr\u00eda producirse una escalada de privilegios locales cuando Firefox busque librer\u00edas del sistema en el directorio actual. Sin embargo, el directorio de instalaci\u00f3n no es escribible de forma predeterminada.<br>*Este error s\u00f3lo afecta a Firefox para Windows en una instalaci\u00f3n no predeterminada. Otros sistemas operativos no se ven afectados.*. Esta vulnerabilidad afecta a Firefox &lt; 96."}], "lastModified": "2023-08-08T14:21:49.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "473CF696-0664-4239-995D-D4700507DD1A", "versionEndExcluding": "96.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}