PT-2022-4570 · Mozilla+10 · Thunderbird+13

Published

2022-08-23

Updated

2024-12-12

CVE-2022-38478

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 104 Firefox ESR versions prior to 91.13 and prior to 102.2 Thunderbird versions prior to 91.13 and prior to 102.2

Description The issue is related to a memory safety bug that can lead to memory corruption, potentially allowing a remote attacker to execute arbitrary code by opening a specially crafted malicious web page. The vulnerability is associated with the SpiderMonkey JavaScript engine used in Firefox, Firefox ESR, and Thunderbird.

Recommendations For Firefox versions prior to 104, update to version 104 or later. For Firefox ESR versions prior to 91.13, update to version 91.13 or later. For Firefox ESR versions prior to 102.2, update to version 102.2 or later. For Thunderbird versions prior to 91.13, update to version 91.13 or later. For Thunderbird versions prior to 102.2, update to version 102.2 or later.

Exploit

Fix

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-120

Related Identifiers

ALSA-2022:6164

ALSA-2022:6165

ALSA-2022:6174

ALSA-2022:6175

ALT-PU-2022-2481

ALT-PU-2022-2496

ALT-PU-2022-2515

ALT-PU-2022-2929

ALT-PU-2022-2930

ALT-PU-2022-2931

ALT-PU-2023-1137

ALT-PU-2023-1138

ALT-PU-2023-1139

ALT-PU-2023-4335

ALT-PU-2023-4336

ALT-PU-2023-4339

ALT-PU-2023-5754

ALT-PU-2024-3614

BDU:2022-05447

CESA-2022_6164

CESA-2022_6169

CESA-2022_6175

CESA-2022_6179

CVE-2022-38478

DLA-3080-1

DLA-3097-1

DSA-5217-1

DSA-5221-1

MGASA-2022-0309

MGASA-2022-0315

OESA-2023-1673

OESA-2023-1674

OPENSUSE-SU-2022_3030-1

OPENSUSE-SU-2022_3281-1

OPENSUSE-SU-2022_3396-1

OPENSUSE-SU-2024:12286-1

OPENSUSE-SU-2024:12287-1

OPENSUSE-SU-2024:14572-1

RHSA-2022:6164

RHSA-2022:6165

RHSA-2022:6166

RHSA-2022:6167

RHSA-2022:6168

RHSA-2022:6169

RHSA-2022:6174

RHSA-2022:6175

RHSA-2022:6176

RHSA-2022:6177

RHSA-2022:6178

RHSA-2022:6179

RHSA-2022_6164

RHSA-2022_6165

RHSA-2022_6169

RHSA-2022_6174

RHSA-2022_6175

RHSA-2022_6179

RLSA-2022:6164

RLSA-2022:6175

SUSE-SU-2022:2984-1

SUSE-SU-2022:3007-1

SUSE-SU-2022:3030-1

SUSE-SU-2022:3272-1

SUSE-SU-2022:3273-1

SUSE-SU-2022:3281-1

SUSE-SU-2022:3396-1

USN-5581-1

USN-5663-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Firefox

Firefox Esr

Linuxmint

Red Hat

Red Os

Rocky Linux

Spidermonkey Javascript Engine

Suse

Thunderbird

Ubuntu

PT-2022-4570 · Mozilla+10 · Thunderbird+13

CVE-2022-38478

Weakness Enumeration

Related Identifiers

Affected Products

References · 2294