Vulnerability Description
By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have access to.<br>*This bug only affects Firefox for Windows and MacOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 96.0 |
| Apple | Macos | - |
| Microsoft | Windows | - |
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1566608ExploitIssue TrackingVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2022-01/Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1566608ExploitIssue TrackingVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2022-01/Vendor Advisory
FAQ
What is CVE-2022-22750?
CVE-2022-22750 is a vulnerability with a CVSS score of 6.5 (MEDIUM). By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged proce...
How severe is CVE-2022-22750?
CVE-2022-22750 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-22750?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Apple Macos, Microsoft Windows.