Search for vulnerabilities
Vulnerability details: VCID-svsu-9tu4-cuab
Vulnerability ID VCID-svsu-9tu4-cuab
Aliases CVE-2022-46874
Summary A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-222 Truncation of Security-relevant Information
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46874.json
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2022-46874
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2022-46874
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2022-46874
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2022-46874
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2022-46874
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2022-46874
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2022-46874
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2022-46874
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2022-46874
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2022-46874
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2022-46874
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2022-46874
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2022-46874
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2022-46874
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2022-46874
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2022-46874
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2022-46874
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2022-46874
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46874
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-51
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-52
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-54
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46874.json
https://api.first.org/data/v1/epss?cve=CVE-2022-46874
https://bugzilla.mozilla.org/show_bug.cgi?id=1746139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46882
https://www.mozilla.org/security/advisories/mfsa2022-54/
2153449 https://bugzilla.redhat.com/show_bug.cgi?id=2153449
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2022-46874 https://nvd.nist.gov/vuln/detail/CVE-2022-46874
mfsa2022-51 https://www.mozilla.org/en-US/security/advisories/mfsa2022-51
mfsa2022-52 https://www.mozilla.org/en-US/security/advisories/mfsa2022-52
mfsa2022-54 https://www.mozilla.org/en-US/security/advisories/mfsa2022-54
RHSA-2022:9065 https://access.redhat.com/errata/RHSA-2022:9065
RHSA-2022:9066 https://access.redhat.com/errata/RHSA-2022:9066
RHSA-2022:9067 https://access.redhat.com/errata/RHSA-2022:9067
RHSA-2022:9068 https://access.redhat.com/errata/RHSA-2022:9068
RHSA-2022:9069 https://access.redhat.com/errata/RHSA-2022:9069
RHSA-2022:9070 https://access.redhat.com/errata/RHSA-2022:9070
RHSA-2022:9071 https://access.redhat.com/errata/RHSA-2022:9071
RHSA-2022:9072 https://access.redhat.com/errata/RHSA-2022:9072
RHSA-2022:9074 https://access.redhat.com/errata/RHSA-2022:9074
RHSA-2022:9075 https://access.redhat.com/errata/RHSA-2022:9075
RHSA-2022:9076 https://access.redhat.com/errata/RHSA-2022:9076
RHSA-2022:9077 https://access.redhat.com/errata/RHSA-2022:9077
RHSA-2022:9078 https://access.redhat.com/errata/RHSA-2022:9078
RHSA-2022:9079 https://access.redhat.com/errata/RHSA-2022:9079
RHSA-2022:9080 https://access.redhat.com/errata/RHSA-2022:9080
RHSA-2022:9081 https://access.redhat.com/errata/RHSA-2022:9081
USN-5782-1 https://usn.ubuntu.com/5782-1/
USN-5824-1 https://usn.ubuntu.com/5824-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46874.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-46874
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.46567
EPSS Score 0.00236
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:10:05.548314+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2022/mfsa2022-52.yml 37.0.0