VDB

DEBIAN-CVE-2022-46874

DEBIAN-CVE-2022-46874 PUBLISHED CVSS 8.800000190734863 HIGH

A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br/>*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and Firefox ESR < 102.6.

Risk Scores

CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:11thunderbird1:88.0~b2-1, 91.1.1-1, 91.10.0-1
Debian:14firefox-esr0, 0, 0
Debian:13firefox-esr0, 0, 0
Debian:12thunderbird0, 0, 0
Debian:13thunderbird0, 0, 0
Debian:12firefox-esr0, 0, 0
Debian:11firefox-esr91.6.1esr-1~deb11u1, 91.7.0esr-1~deb10u1, 91.7.0esr-1~deb9u1
Debian:14thunderbird0, 0, 0

Timeline

  • Dec 22, 2022 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›