跳转到帖子

Alpine Linux: CVE-2022-46874: Vulnerability in Multiple Components

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • Members

Alpine Linux: CVE-2022-46874: Vulnerability in Multiple Components

Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
12/22/2022
Created
08/23/2024
Added
08/22/2024
Modified
10/02/2024

Description

A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br/>*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and Firefox ESR < 102.6.

Solution(s)

  • alpine-linux-upgrade-firefox-esr

References

  • https://attackerkb.com/topics/cve-2022-46874
  • CVE - 2022-46874
  • https://security.alpinelinux.org/vuln/CVE-2022-46874
  • 引用
  • Mention
    • 查看数 697
    • 已创建
    • 最后回复

    参与讨论

    你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

    游客
    回帖…
    转到主题列表