PT-2022-1403 · Mozilla+10 · Thunderbird+12

Tavis Ormandy

·

Published

2022-01-11

·

Updated

2025-06-06

·

CVE-2022-22747

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Firefox ESR versions prior to 91.5 Firefox versions prior to 96 Thunderbird versions prior to 91.5
Description The issue is related to the incorrect handling of an empty pkcs7 sequence in certificate data. This could lead to a crash when handling an untrusted certificate, potentially allowing a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted certificate. It is believed that this crash is not exploitable for more severe attacks.
Recommendations For Firefox ESR versions prior to 91.5, update to version 91.5 or later. For Firefox versions prior to 96, update to version 96 or later. For Thunderbird versions prior to 91.5, update to version 91.5 or later.

Exploit

Fix

RCE

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-295

Related Identifiers

ALSA-2022:0129
ALSA-2022:0130
ALT-PU-2022-1022
ALT-PU-2022-1023
ALT-PU-2022-1053
ALT-PU-2022-1078
ALT-PU-2022-1090
ALT-PU-2022-1091
ALT-PU-2022-1097
ALT-PU-2022-1781
ALT-PU-2022-1783
ALT-PU-2022-2458
ALT-PU-2022-2929
ALT-PU-2022-2930
ALT-PU-2023-1138
ALT-PU-2023-1139
ALT-PU-2023-4336
ALT-PU-2023-4339
BDU:2022-00298
CESA-2022_0124
CESA-2022_0127
CESA-2022_0129
CESA-2022_0130
CVE-2022-22747
DLA-2880-1
DLA-2881-1
DLA-2898-1
DSA-5044-1
DSA-5045-1
DSA-5062-1
MGASA-2022-0013
MGASA-2022-0019
OESA-2023-1673
OESA-2023-1674
OESA-2025-1549
OESA-2025-1582
OESA-2025-1583
OPENSUSE-SU-2022:0136-1
OPENSUSE-SU-2022:0199-1
OPENSUSE-SU-2022_0136-1
OPENSUSE-SU-2022_0199-1
OPENSUSE-SU-2024:11732-1
OPENSUSE-SU-2024:11733-1
OPENSUSE-SU-2024:14572-1
RHSA-2022:0123
RHSA-2022:0124
RHSA-2022:0125
RHSA-2022:0126
RHSA-2022:0127
RHSA-2022:0128
RHSA-2022:0129
RHSA-2022:0130
RHSA-2022:0131
RHSA-2022:0132
RHSA-2022_0124
RHSA-2022_0127
RHSA-2022_0129
RHSA-2022_0130
RLSA-2022:0129
RLSA-2022:0130
SUSE-SU-2022:0115-1
SUSE-SU-2022:0136-1
SUSE-SU-2022:0137-1
SUSE-SU-2022:0199-1
SUSE-SU-2022:14880-1
USN-5229-1
USN-5246-1
USN-5248-1
USN-5506-1
USN-5872-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Thunderbird
Ubuntu