The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them.<br>*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1773717 | Issue Tracking Permissions Required Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2022-24/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2022-25/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2022-26/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2022-12-22T00:00:00
Updated: 2022-12-22T00:00:00
Reserved: 2022-06-24T00:00:00
Link: CVE-2022-34478
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-12-22T20:15:32.903
Modified: 2023-01-03T19:07:07.247
Link: CVE-2022-34478
JSON object: View
Redhat Information
No data.
CWE