Bug 2053237 (CVE-2022-22756)

Summary: CVE-2022-22756 Mozilla: Drag and dropping an image could have resulted in the dropped object being an executable
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: erack, jhorak, nobody, stransky, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: firefox 91.6, thunderbird 91.6 Doc Type: If docs needed, set a value
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script, which would have run arbitrary code after the user clicked it.
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-02-14 10:18:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 2051916, 2051917, 2051918, 2051919, 2051920, 2051921, 2051922, 2051926, 2051927, 2051928, 2051929, 2051930, 2051931, 2051932, 2053036, 2054257    
Bug Blocks: 2051914    

Description Tomas Hoger 2022-02-10 18:44:03 UTC
If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it.

External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22756

Comment 1 errata-xmlrpc 2022-02-14 08:29:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:0513 https://access.redhat.com/errata/RHSA-2022:0513

Comment 2 errata-xmlrpc 2022-02-14 08:43:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0512 https://access.redhat.com/errata/RHSA-2022:0512

Comment 3 errata-xmlrpc 2022-02-14 08:46:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0511 https://access.redhat.com/errata/RHSA-2022:0511

Comment 4 errata-xmlrpc 2022-02-14 08:50:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0510 https://access.redhat.com/errata/RHSA-2022:0510

Comment 5 errata-xmlrpc 2022-02-14 09:07:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:0514 https://access.redhat.com/errata/RHSA-2022:0514

Comment 6 Product Security DevOps Team 2022-02-14 10:18:02 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-22756

Comment 8 errata-xmlrpc 2022-02-15 10:17:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:0539 https://access.redhat.com/errata/RHSA-2022:0539

Comment 9 errata-xmlrpc 2022-02-15 10:32:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0535 https://access.redhat.com/errata/RHSA-2022:0535

Comment 10 errata-xmlrpc 2022-02-15 10:33:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0537 https://access.redhat.com/errata/RHSA-2022:0537

Comment 11 errata-xmlrpc 2022-02-15 10:36:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0536 https://access.redhat.com/errata/RHSA-2022:0536

Comment 12 errata-xmlrpc 2022-02-15 10:50:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:0538 https://access.redhat.com/errata/RHSA-2022:0538