Vulnerability Details : CVE-2022-34471
When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This vulnerability affects Firefox < 102.
Products affected by CVE-2022-34471
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-34471
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 28 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-34471
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
2.8
|
3.6
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-04-15 |
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2022-34471
-
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2022-34471
-
https://www.mozilla.org/security/advisories/mfsa2022-24/
Security Vulnerabilities fixed in Firefox 102 — MozillaVendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1766047
Access DeniedIssue Tracking;Permissions Required;Vendor Advisory
Jump to