CVE-2022-26386

Medium

Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior…

mozilla·NVD-CWE-noinfo·Published 2022-12-22

CVSS

6.5

EPSS

0.01

KEV

Exploits

cve.orgen

476 chars

Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they could be affected by other local users. This behavior was reverted to the original, user-specific directory. <br>*This bug only affects Firefox for macOS and Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.7 and Thunderbird < 91.7.

NVDen

476 chars

NVDes

527 chars

Anteriormente, Firefox para macOS y Linux descargaba archivos temporales a un directorio específico del usuario en <code>/tmp</code>, pero este comportamiento se cambió para descargarlos a <code>/tmp</code> donde podrían verse afectados. por otros usuarios locales. Este comportamiento se revirtió al directorio original específico del usuario. <br>*Este error solo afecta a Firefox para macOS y Linux. Otros sistemas operativos no se ven afectados.*. Esta vulnerabilidad afecta a Firefox ESR < 91,7 y Thunderbird < 91.7.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	6.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
3.1	Primary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
3.1	Primary	cve.org	6.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
3.1	Secondary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N