A website that tries to launch a program without the user explicitly asking for it is treated as a phishing attempt. Mozilla products warn the user when a page tries to launch a program from an external URL. Prior to this security update, such an external URL could have been disguised as a trusted one, so the user would have been prompted to open it.
A malicious website that tries to launch a program from an external URL could trick Firefox into showing the wrong origin in the prompt that asks the user whether to open it. This could be used to convince Firefox users that the request came from a trusted website and get them to open it.

CVE-2022-2425

This security update resolves a vulnerability in Firefox where a malicious website could trick the browser into showing the wrong origin when prompting the user to open an external URL. The vulnerability is that, when Firefox had been configured to use a URL from the whitelist, an external URL could have been disguised as a trusted one, so the user would be prompted to open it.

How do I know if my version is vulnerable?

If you use Firefox, we recommend upgrading to the latest version. You can check your version and update by opening "about:support" in Firefox, then clicking the "check if I'm vulnerable" button.
If you're not sure which version you're running, open "about:mozilla" in Firefox and search for the string 'firefox' in the URL. If the string is present, you are on a supported version and are not vulnerable to this attack.

Mitigating Factors of Phishing Attempts

Even though Firefox can detect and warn users about phishing attempts, there are still factors that make it difficult for users to protect themselves. For instance, Mozilla does not provide protections against phishing attempts on any website. To be protected from these types of attacks, users must take other precautions: they should be cautious when clicking on links that they do not recognize or trust.

What is Mozilla’s fix for CVE-2022-22748?

Mozilla fixed the vulnerabilities by updating the warning prompt that appears when a user tries to launch an external program. The update adds an extra step for users who click on it, to make sure they are opening a program from an external source and not a trusted one that has been altered by the malicious website.

Timeline

Published on: 12/22/2022 20:15:00 UTC
Last modified on: 12/29/2022 23:16:00 UTC
