CVE-2022-34478: 
NixOS vulnerability analysis and mitigation

CVE-2022-34478 is a security vulnerability affecting Microsoft protocols in Firefox browsers. The vulnerability was discovered by Gijs and disclosed on June 28, 2022. It specifically affects the ms-msdt, search, and search-ms protocols in Firefox on Windows operating systems. The vulnerability received a moderate severity rating (Mozilla Advisory).

The vulnerability involves the ms-msdt, search, and search-ms protocols which deliver content to Microsoft applications, bypassing the browser when a user accepts a prompt. These protocols could be exploited to deliver malicious content to Microsoft applications that have known vulnerabilities. The issue only affects Firefox running on Windows systems, with other operating systems being unaffected (Mozilla Advisory).

If exploited, this vulnerability could allow attackers to deliver malicious content to vulnerable Microsoft applications through Firefox. While there were known vulnerabilities being exploited in the wild through these protocols in Microsoft applications, no exploits specifically through Firefox were reported (Mozilla Advisory).

Mozilla addressed this vulnerability by blocking these protocols from prompting the user to open them in Firefox 102 and Firefox ESR 91.11. For enterprise environments that require these protocols, policy settings can be used to re-enable them (Mozilla Bug).