Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1684739%2C1706441%2C1753298%2C1762614%2C1762620%2C1764778 | Exploit Issue Tracking Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2022-16/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2022-17/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2022-18/ | Vendor Advisory |
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1684739%2C1706441%2C1753298%2C1762614%2C1762620%2C1764778 | Exploit Issue Tracking Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2022-16/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2022-17/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2022-18/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:59
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.mozilla.org/buglist.cgi?bug_id=1684739%2C1706441%2C1753298%2C1762614%2C1762620%2C1764778 - Exploit, Issue Tracking, Vendor Advisory | |
References | () https://www.mozilla.org/security/advisories/mfsa2022-16/ - Vendor Advisory | |
References | () https://www.mozilla.org/security/advisories/mfsa2022-17/ - Vendor Advisory | |
References | () https://www.mozilla.org/security/advisories/mfsa2022-18/ - Vendor Advisory |
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-787 | |
References | (MISC) https://bugzilla.mozilla.org/buglist.cgi?bug_id=1684739%2C1706441%2C1753298%2C1762614%2C1762620%2C1764778 - Exploit, Issue Tracking, Vendor Advisory | |
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2022-18/ - Vendor Advisory | |
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2022-17/ - Vendor Advisory | |
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2022-16/ - Vendor Advisory |
22 Dec 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-22 20:15
Updated : 2024-11-21 06:59
NVD link : CVE-2022-29917
Mitre link : CVE-2022-29917
CVE.ORG link : CVE-2022-29917
JSON object : View
Products Affected
mozilla
- firefox_esr
- firefox
- thunderbird
CWE
CWE-787
Out-of-bounds Write