PT-2022-3644 · Mozilla+8 · Thunderbird+10

Yaniv · Published 2022-05-31 · Updated 2024-12-12 · CVE-2022-31741

CVSS v3.1

8.8 High

Vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 101
Firefox ESR versions prior to 91.10
Thunderbird versions prior to 91.10

Description

The issue is related to errors during variable initialization, which can be exploited by a remote attacker using a specially crafted message, potentially leading to a denial of service or further memory corruption. A crafted CMS message could be processed incorrectly, resulting in an invalid memory read.

Recommendations

For Firefox versions prior to 101, update to version 101 or later.
For Firefox ESR versions prior to 91.10, update to version 91.10 or later.
For Thunderbird versions prior to 91.10, update to version 91.10 or later.

Weakness Enumeration

Use of Uninitialized Resource

Related Identifiers

ALT-PU-2022-1988
ALT-PU-2022-1995
ALT-PU-2022-1996
ALT-PU-2022-2000
ALT-PU-2022-2006
ALT-PU-2022-2017
ALT-PU-2022-2031
ALT-PU-2022-2044
ALT-PU-2022-2053
ALT-PU-2022-2458
ALT-PU-2022-2929
ALT-PU-2022-2930
ALT-PU-2023-1138
ALT-PU-2023-1139
ALT-PU-2023-4336
ALT-PU-2023-4339
BDU:2022-04429
CESA-2022_4870
CESA-2022_4872
CESA-2022_4887
CESA-2022_4891
CVE-2022-31741
DLA-3040-1
DLA-3041-1
DSA-5156-1
DSA-5158-1
MGASA-2022-0220
MGASA-2022-0221
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2022_1920-1
OPENSUSE-SU-2022_2062-1
OPENSUSE-SU-2022_2533-1
OPENSUSE-SU-2022_2595-1
OPENSUSE-SU-2024:12117-1
OPENSUSE-SU-2024:12121-1
OPENSUSE-SU-2024:14572-1
RHSA-2022:4870
RHSA-2022:4871
RHSA-2022:4872
RHSA-2022:4873
RHSA-2022:4875
RHSA-2022:4876
RHSA-2022:4887
RHSA-2022:4888
RHSA-2022:4889
RHSA-2022:4890
RHSA-2022:4891
RHSA-2022:4892
RHSA-2022_4870
RHSA-2022_4872
RHSA-2022_4873
RHSA-2022_4887
RHSA-2022_4891
RHSA-2022_4892
RLSA-2022:4872
RLSA-2022:4887
SUSE-SU-2022:1920-1
SUSE-SU-2022:1921-1
SUSE-SU-2022:1927-1
SUSE-SU-2022:2031-1
SUSE-SU-2022:2062-1
SUSE-SU-2022:2533-1
SUSE-SU-2022:2533-2
SUSE-SU-2022:2595-1
SUSE-SU-2022_2031-1
SUSE-SU-2022_2533-1
SUSE-SU-2022_2595-1
USN-5475-1
USN-5512-1

Affected Products

Alt Linux
Astra Linux
CentOS
Firefox
Firefox ESR
Linux Mint
Red Hat
Rocky Linux
SUSE
Thunderbird
Ubuntu