High severity8.8NVD Advisory· Published Dec 22, 2022· Updated Jun 17, 2026
CVE-2022-22756
CVE-2022-22756
Description
If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
48<97+ 2 more
- (no CPE)range: <97
- (no CPE)range: unspecified
- (no CPE)range: unspecified
<91.6+ 1 more
- (no CPE)range: <91.6
- (no CPE)range: unspecified
- osv-coords43 versionspkg:rpm/almalinux/firefoxpkg:rpm/almalinux/thunderbirdpkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweedpkg:rpm/suse/MozillaFirefox&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP3
< 91.6.0-1.el8_5.alma+ 42 more
- (no CPE)range: < 91.6.0-1.el8_5.alma
- (no CPE)range: < 91.6.0-1.el8_5.alma
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 97.0-1.1
- (no CPE)range: < 91.6.1-8.54.1
- (no CPE)range: < 91.6.0-1.1
- (no CPE)range: < 91.6.0-112.89.1
- (no CPE)range: < 91.6.0-150.18.1
- (no CPE)range: < 91.6.0-152.15.1
- (no CPE)range: < 91.6.0-150.18.1
- (no CPE)range: < 91.6.0-150.18.1
- (no CPE)range: < 91.6.0-152.15.1
- (no CPE)range: < 91.6.0-152.15.1
- (no CPE)range: < 91.6.0-150.18.1
- (no CPE)range: < 91.6.0-150.18.1
- (no CPE)range: < 91.6.0-152.15.1
- (no CPE)range: < 91.6.0-152.15.1
- (no CPE)range: < 91.6.0-78.162.2
- (no CPE)range: < 91.6.0-112.89.1
- (no CPE)range: < 91.6.0-112.89.1
- (no CPE)range: < 91.6.0-112.89.1
- (no CPE)range: < 91.6.0-112.89.1
- (no CPE)range: < 91.6.0-112.89.1
- (no CPE)range: < 91.6.0-150.18.1
- (no CPE)range: < 91.6.0-150.18.1
- (no CPE)range: < 91.6.0-152.15.1
- (no CPE)range: < 91.6.0-152.15.1
- (no CPE)range: < 91.6.0-150.18.1
- (no CPE)range: < 91.6.0-112.89.1
- (no CPE)range: < 91.6.0-112.89.1
- (no CPE)range: < 91.6.0-112.89.1
- (no CPE)range: < 91.6.0-150.18.1
- (no CPE)range: < 91.6.0-150.18.1
- (no CPE)range: < 91.6.0-152.15.1
- (no CPE)range: < 91.6.0-112.89.1
- (no CPE)range: < 91.6.0-152.15.1
- (no CPE)range: < 91.6.0-152.15.1
- (no CPE)range: < 91.6.0-152.15.1
- (no CPE)range: < 91.6.0-112.89.1
- (no CPE)range: < 91.6.0-112.89.1
- (no CPE)range: < 91.6.0-112.89.1
- (no CPE)range: < 91.6.0-112.89.1
- (no CPE)range: < 91.6.1-8.54.1
Patches
Vulnerability mechanics
References
4- bugzilla.mozilla.org/show_bug.cginvdExploitIssue TrackingVendor Advisory
- www.mozilla.org/security/advisories/mfsa2022-04/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2022-05/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2022-06/nvdVendor Advisory
News mentions
0No linked articles in our index yet.