Alpine Linux: CVE-2022-22736: Uncontrolled Search Path Element

Alpine Linux: CVE-2022-22736: Uncontrolled Search Path Element

Severity

7

CVSS

(AV:L/AC:M/Au:S/C:C/I:C/A:C)

Published

12/22/2022

Created

08/23/2024

Added

08/22/2024

Modified

10/02/2024

Description

If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.<br>*This bug only affects Firefox for Windows in a non-default installation. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96.

Solution(s)

• alpine-linux-upgrade-firefox

References

• https://attackerkb.com/topics/cve-2022-22736
• CVE - 2022-22736
• https://security.alpinelinux.org/vuln/CVE-2022-22736