CVE-2022-34471

MEDIUM Year: 2022
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-345
View all →

Vulnerability Description

When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This vulnerability affects Firefox < 102.

Related Vulnerabilities

CVE-2019-17228

MEDIUM
CVSS:6.5(Medium)

includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress allows unauthenticated options changes.

CWE-3452019

CVE-2019-5587

MEDIUM
CVSS:6.5(Medium)

Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassemblin...

CWE-3452019

CVE-2019-8921

MEDIUM
CVSS:6.5(Medium)

An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick...

CWE-3452019

CVE-2020-10137

MEDIUM
CVSS:6.5(Medium)

Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE...

CWE-3452020

CVE-2020-9230

MEDIUM
CVSS:6.5(Medium)

WS5800-10 version 10.0.3.25 has a denial of service vulnerability. Due to improper verification of specific message, an attacker may exploit this vulnerability to cause specific function to become abn...

CWE-3452020

CVE-2021-22339

MEDIUM
CVSS:6.5(Medium)

There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. S...

CWE-3452021