Vulnerability CVE-2022-22751: Information

Description

Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-22751
Published: Dec. 22, 2022
Modified: Dec. 30, 2022
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus96.0-alt1125.0.2-alt1ALT-PU-2022-1053-1293406Fixed
firefoxp10105.0.1-alt0.p10.1118.0.2-alt0.p10.1ALT-PU-2022-2930-1307737Fixed
firefoxp9105.0.1-alt0.c9.1105.0.1-alt0.c9.1ALT-PU-2023-4339-1319683Fixed
firefoxc10f1105.0.1-alt0.p10.1112.0.2-alt0.p10.1ALT-PU-2022-2930-1307737Fixed
firefoxc9f2105.0.1-alt0.c9.1105.0.1-alt0.c9.1ALT-PU-2023-1139-1309126Fixed
firefox-esrsisyphus91.5.0-alt1115.10.0-alt1ALT-PU-2022-1022-1293330Fixed
firefox-esrp1091.5.0-alt1115.10.0-alt1ALT-PU-2022-1078-1293339Fixed
firefox-esrp991.7.0-alt0.p9.1102.11.0-alt0.c9.1ALT-PU-2022-1781-1288073Fixed
firefox-esrc10f191.5.0-alt1115.9.1-alt0.c10.1ALT-PU-2022-1078-1293339Fixed
firefox-esrc9f291.5.0-alt0.c9.1102.12.0-alt0.c9.1ALT-PU-2022-1090-1293342Fixed
thunderbirdsisyphus91.5.0-alt1115.9.0-alt1ALT-PU-2022-1023-1293351Fixed
thunderbirdp1091.5.0-alt1115.9.0-alt1ALT-PU-2022-1097-1293378Fixed
thunderbirdp991.6.0-alt0.p9.1102.11.0-alt0.c9.1ALT-PU-2022-1783-1288073Fixed
thunderbirdc10f191.5.0-alt1115.9.0-alt0.c10.1ALT-PU-2022-1097-1293378Fixed
thunderbirdc9f291.5.0-alt0.c9.1102.11.0-alt0.c9.1ALT-PU-2022-1091-1293389Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.mozilla.org/security/advisories/mfsa2022-02/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-01/
  • Vendor Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1664149%2C1737816%2C1739366%2C1740274%2C1740797%2C1741201%2C1741869%2C1743221%2C1743515%2C1745373%2C1746011
  • Issue Tracking
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-03/
  • Vendor Advisory

    1. Configuration 1

      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      End excliding
      96.0
      cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
      End excliding
      91.5
      cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
      End excliding
      91.5
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.4.2
Back to top