SSD Advisory – MacOS Mozilla Firefox Download Protections were bypassed by .atloc / .ftploc Files
Summary A vulnerability in Mozilla Firefox has been found to not show an executable file warning when downloading .atloc and .ftploc files, which can run commands on a user’s computer. Credit Dohyun Lee, working for SSD Labs Korea. CVE CVE-2022-46875 Vendor Response The vendor has released patches available at: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/ Technical Analysis A vulnerability in …
