PT-2022-1395 · Mozilla+10 · Thunderbird+12

Irvan Kurniawan

·

Published

2022-01-11

·

Updated

2024-12-12

·

CVE-2022-22742

CVSS v2.0

7.6

High

VectorAV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 96 Firefox ESR versions prior to 91.5 Thunderbird versions prior to 91.5
Description The issue is related to out-of-bounds memory access, potentially leading to a crash when inserting certain characters while in edit mode. This could allow a remote attacker to initiate unauthorized writing and execution of arbitrary code in the target system.
Recommendations For Firefox versions prior to 96, update to version 96 or later. For Firefox ESR versions prior to 91.5, update to version 91.5 or later. For Thunderbird versions prior to 91.5, update to version 91.5 or later.

Exploit

Fix

Out of bounds Read

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-787

Related Identifiers

ALSA-2022:0129
ALSA-2022:0130
ALT-PU-2022-1022
ALT-PU-2022-1023
ALT-PU-2022-1053
ALT-PU-2022-1078
ALT-PU-2022-1090
ALT-PU-2022-1091
ALT-PU-2022-1097
ALT-PU-2022-1781
ALT-PU-2022-1783
ALT-PU-2022-2458
ALT-PU-2022-2929
ALT-PU-2022-2930
ALT-PU-2023-1138
ALT-PU-2023-1139
ALT-PU-2023-4336
ALT-PU-2023-4339
BDU:2022-00289
CESA-2022_0124
CESA-2022_0127
CESA-2022_0129
CESA-2022_0130
CVE-2022-22742
DLA-2880-1
DLA-2881-1
DSA-5044-1
DSA-5045-1
MGASA-2022-0013
MGASA-2022-0019
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2022:0136-1
OPENSUSE-SU-2022:0199-1
OPENSUSE-SU-2022_0136-1
OPENSUSE-SU-2022_0199-1
OPENSUSE-SU-2024:11732-1
OPENSUSE-SU-2024:11733-1
OPENSUSE-SU-2024:14572-1
RHSA-2022:0123
RHSA-2022:0124
RHSA-2022:0125
RHSA-2022:0126
RHSA-2022:0127
RHSA-2022:0128
RHSA-2022:0129
RHSA-2022:0130
RHSA-2022:0131
RHSA-2022:0132
RHSA-2022_0124
RHSA-2022_0127
RHSA-2022_0129
RHSA-2022_0130
RLSA-2022:0129
RLSA-2022:0130
SUSE-SU-2022:0115-1
SUSE-SU-2022:0136-1
SUSE-SU-2022:0137-1
SUSE-SU-2022:0199-1
SUSE-SU-2022:14880-1
USN-5229-1
USN-5246-1
USN-5248-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Thunderbird
Ubuntu