GSD-2022-34478 — Vulnetix

GSD-2022-34478 PUBLISHED CVSS 6.5 MEDIUM

The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them.<br>*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products

Vendor	Product	Versions
Mozilla	Firefox ESR	unspecified
Mozilla	Thunderbird	unspecified, unspecified
Mozilla	Firefox	unspecified

Timeline

May 31, 2022 CVE Published
Oct 1, 2025 PoC Published

References

https://www.mozilla.org/security/advisories/mfsa2022-24/ url
https://www.mozilla.org/security/advisories/mfsa2022-26/ url
https://www.mozilla.org/security/advisories/mfsa2022-25/ url
https://bugzilla.mozilla.org/show_bug.cgi?id=1773717 url

Open in Interactive Console →