CVE-2022-31739 - OpenCVE

When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Mozilla	Firefox Firefox Esr Thunderbird

Configuration 1 [-]

AND

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://bugzilla.mozilla.org/show_bug.cgi?id=1765049
https://nvd.nist.gov/vuln/detail/CVE-2022-31739
https://www.cve.org/CVERecord?id=CVE-2022-31739
https://www.mozilla.org/security/advisories/mfsa2022-20/
https://www.mozilla.org/security/advisories/mfsa2022-21/
https://www.mozilla.org/security/advisories/mfsa2022-22/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2022-12-22T00:00:00

Updated: 2024-08-03T07:26:01.117Z

Reserved: 2022-05-26T00:00:00

Link: CVE-2022-31739

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-12-22T20:15:28.587

Modified: 2023-01-04T15:54:01.570

Link: CVE-2022-31739

Redhat

Severity : Important

Publid Date: 2022-05-31T00:00:00Z

Links: CVE-2022-31739 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-31739", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "dateUpdated": "2024-08-03T07:26:01.117Z", "dateReserved": "2022-05-26T00:00:00", "datePublished": "2022-12-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2022-12-22T00:00:00"}, "descriptions": [{"lang": "en", "value": "When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10."}], "affected": [{"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"version": "unspecified", "lessThan": "91.10", "status": "affected", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox", "versions": [{"version": "unspecified", "lessThan": "101", "status": "affected", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"version": "unspecified", "lessThan": "91.10", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2022-20/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-22/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-21/"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1765049"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Attacker-influenced path traversal when saving downloaded files"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:26:01.117Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2022-20/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-22/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-21/", "tags": ["x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1765049", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF017812-42B9-4EB1-8F83-8B9712529D2F", "versionEndExcluding": "101", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A30F8BF-AE74-4F4D-A80A-F924AA128DE5", "versionEndExcluding": "91.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A62DB30-D938-4ADD-BF43-9BBC56A6B8C0", "versionEndExcluding": "91.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10."}, {"lang": "es", "value": "Al descargar archivos en Windows, el car\u00e1cter % no se escapaba, lo que podr\u00eda haber provocado que una descarga se guardara incorrectamente en rutas influenciadas por el atacante que utilizaban variables como %HOMEPATH% o %APPDATA%.<br>*Este error solo afecta Firefox para Windows. Otros sistemas operativos no se ven afectados.*. Esta vulnerabilidad afecta a Thunderbird < 91.10, Firefox < 101 y Firefox ESR < 91.10."}], "id": "CVE-2022-31739", "lastModified": "2023-01-04T15:54:01.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-22T20:15:28.587", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1765049"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-20/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-21/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-22/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "Mozilla: Attacker-influenced path traversal when saving downloaded files", "id": "2092022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092022"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-22", "details": ["When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.", "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when downloading files on Windows, the % character was not escaped, which could have led to a download incorrectly saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%."], "name": "CVE-2022-31739", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-05-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-31739\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-31739"], "statement": "This bug only affects Firefox for Windows. Other operating systems are unaffected.", "threat_severity": "Important", "upstream_fix": "firefox 91.10"}