{"id":"CVE-2022-22754","details":"If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox \u003c 97, Thunderbird \u003c 91.6, and Firefox ESR \u003c 91.6.","modified":"2026-04-16T00:01:18.097750310Z","published":"2022-12-22T20:15:17.897Z","related":["ALSA-2022:0510","ALSA-2022:0535","SUSE-SU-2022:0559-1","SUSE-SU-2022:0565-1","SUSE-SU-2022:0676-1","SUSE-SU-2022:0696-1","SUSE-SU-2022:14896-1","openSUSE-SU-2022:0559-1","openSUSE-SU-2024:11837-1","openSUSE-SU-2024:11842-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2022-05/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2022-06/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2022-04/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1750565"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"97.0"}]},{"events":[{"introduced":"0"},{"fixed":"91.6"}]},{"events":[{"introduced":"0"},{"fixed":"91.6"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-22754.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}