发布时间: 2022年7月12日
修改时间: 2024年11月30日
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of the `ms-msdt`, `search`, and `search-ms` protocols delivering content to Microsoft applications and bypassing the browser when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Firefox), so in this release, Firefox has blocked these protocols from prompting the user to open them.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | Low |
| Attack Vector | Network | Network |
| CVSS评分 | 6.5 | 6.1 |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| Scope | Unchanged | Changed |
| Integrity | High | Low |
| User Interaction | Required | Required |
| Availability | None | None |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-1605 | A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of the `ms-msdt`, `search`, and `search-ms` protocols delivering content to Microsoft applications and bypassing the browser when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Firefox), so in this release, Firefox has blocked these protocols from prompting the user to open them. | 2022年7月12日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | firefox | Unaffected |
| KY3.4-5 | firefox | Unaffected |
| KY3.5.1 | firefox | Unaffected |
