PT-2022-1911 · Mozilla+10 · Firefox Esr+12

Hossein Lotfi

Published

2022-03-08

Updated

2024-12-12

CVE-2022-26381

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 98 Firefox ESR versions prior to 91.7 Thunderbird versions prior to 91.7

Description The issue is related to a use-after-free error when handling HTML content, specifically in the context of SVG objects. This can lead to a potentially exploitable crash. An attacker could force a text reflow in an SVG object, causing the use-after-free condition. The vulnerability may allow a remote attacker to execute arbitrary code.

Recommendations For Firefox versions prior to 98, update to version 98 or later. For Firefox ESR versions prior to 91.7, update to version 91.7 or later. For Thunderbird versions prior to 91.7, update to version 91.7 or later.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2022:0818

ALSA-2022:0845

ALT-PU-2022-1450

ALT-PU-2022-1474

ALT-PU-2022-1475

ALT-PU-2022-1482

ALT-PU-2022-1487

ALT-PU-2022-1502

ALT-PU-2022-1519

ALT-PU-2022-1781

ALT-PU-2022-2053

ALT-PU-2022-2458

ALT-PU-2022-2929

ALT-PU-2022-2930

ALT-PU-2023-1138

ALT-PU-2023-1139

ALT-PU-2023-4336

ALT-PU-2023-4339

BDU:2022-01447

CESA-2022_0818

CESA-2022_0824

CESA-2022_0845

CESA-2022_0850

CVE-2022-26381

DLA-2942-1

DLA-2961-1

DSA-5097-1

DSA-5106-1

MGASA-2022-0093

MGASA-2022-0097

OESA-2023-1673

OESA-2023-1674

OPENSUSE-SU-2022:0821-1

OPENSUSE-SU-2022:0906-1

OPENSUSE-SU-2022_0821-1

OPENSUSE-SU-2022_0906-1

OPENSUSE-SU-2024:11908-1

OPENSUSE-SU-2024:11909-1

OPENSUSE-SU-2024:14572-1

RHSA-2022:0815

RHSA-2022:0816

RHSA-2022:0817

RHSA-2022:0818

RHSA-2022:0824

RHSA-2022:0843

RHSA-2022:0845

RHSA-2022:0847

RHSA-2022:0850

RHSA-2022:0853

RHSA-2022_0818

RHSA-2022_0824

RHSA-2022_0845

RHSA-2022_0850

RLSA-2022:0818

RLSA-2022:0845

SUSE-SU-2022:0819-1

SUSE-SU-2022:0821-1

SUSE-SU-2022:0822-1

SUSE-SU-2022:0906-1

SUSE-SU-2022:14906-1

SUSE-SU-2022_0819-1

SUSE-SU-2022_0821-1

SUSE-SU-2022_0822-1

SUSE-SU-2022_0906-1

SUSE-SU-2022_14906-1

USN-5321-1

USN-5321-2

USN-5321-3

USN-5345-1

ZDI-22-502

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Firefox

Firefox Esr

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Thunderbird

Ubuntu

PT-2022-1911 · Mozilla+10 · Firefox Esr+12

CVE-2022-26381

Weakness Enumeration

Related Identifiers

Affected Products

References · 2275