Vulnerability Database

310,057

Total vulnerabilities in the database

CVE-2022-22756

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

Published: Dec 22, 2022
Updated: Nov 16, 2025
CVE: CVE-2022-22756
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
mozilla / firefox	-	97.0
mozilla / firefox_esr	-	91.6
mozilla / thunderbird	-	91.6

https://bugzilla.mozilla.org/show_bug.cgi?id=1317873
https://www.mozilla.org/security/advisories/mfsa2022-04/
https://www.mozilla.org/security/advisories/mfsa2022-05/
https://www.mozilla.org/security/advisories/mfsa2022-06/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo