Compromised server could trick a browser into an addon downgrade - CVE-2022-34471ID: oval:org.secpod.oval:def:81803 | Date: (C)2022-06-30 (M)2023-11-19 |
Class: VULNERABILITY | Family: macos |
Mozilla Firefox 102.0 : When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version.
Platform: |
Apple Mac OS 14 |
Apple Mac OS 13 |
Apple Mac OS X 10.10 |
Apple Mac OS X 10.11 |
Apple Mac OS X 10.12 |
Apple Mac OS X 10.13 |
Apple Mac OS X 10.14 |
Apple Mac OS X 10.15 |
Apple Mac OS 11 |
Apple Mac OS 12 |