CVE-2022-22754

Public on 2022-03-07
Modified on 2022-03-07
Description
The Mozilla Foundation Security Advisory describes this flaw as:

If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions.
Severity
Important severity
Important
CVSS v3 Base Score
7.5
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core thunderbird 2022-07-06 ALAS2-2022-1818 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
NVD CVSSv3 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N