Bug 2053237 (CVE-2022-22756)
| Summary: | CVE-2022-22756 Mozilla: Drag and dropping an image could have resulted in the dropped object being an executable | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | erack, jhorak, nobody, stransky, tpopela |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | firefox 91.6, thunderbird 91.6 | Doc Type: | If docs needed, set a value |
| Doc Text: |
The Mozilla Foundation Security Advisory describes this flaw as:
If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script, which would have run arbitrary code after the user clicked it.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-02-14 10:18:04 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2051916, 2051917, 2051918, 2051919, 2051920, 2051921, 2051922, 2051926, 2051927, 2051928, 2051929, 2051930, 2051931, 2051932, 2053036, 2054257 | ||
| Bug Blocks: | 2051914 | ||
|
Description
Tomas Hoger
2022-02-10 18:44:03 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0513 https://access.redhat.com/errata/RHSA-2022:0513 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0512 https://access.redhat.com/errata/RHSA-2022:0512 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0511 https://access.redhat.com/errata/RHSA-2022:0511 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0510 https://access.redhat.com/errata/RHSA-2022:0510 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:0514 https://access.redhat.com/errata/RHSA-2022:0514 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-22756 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0539 https://access.redhat.com/errata/RHSA-2022:0539 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0535 https://access.redhat.com/errata/RHSA-2022:0535 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0537 https://access.redhat.com/errata/RHSA-2022:0537 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0536 https://access.redhat.com/errata/RHSA-2022:0536 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:0538 https://access.redhat.com/errata/RHSA-2022:0538 |