CVE-2022-34471
MEDIUMFirefox < 102.0 - Addon Downgrade via Manifest Version Mismatch
Title source: llmDescription
When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This vulnerability affects Firefox < 102.
References (2)
Core 2
Core References
Issue Tracking, Permissions Required, Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1766047
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-24/
Scores
CVSS v3
6.5
EPSS
0.0025
EPSS Percentile
15.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-345
Status
published
Products (1)
mozilla/firefox
< 102.0
Published
Dec 22, 2022
Tracked Since
Feb 18, 2026