PT-2022-5487 · Mozilla+9 · Firefox Esr+11

Samuel Groß

Published

2022-11-15

Updated

2024-12-12

CVE-2022-45406

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 107 Firefox ESR versions prior to 102.5 Thunderbird versions prior to 102.5

Description The issue is related to the use of memory after it has been freed when processing JavaScript code, potentially leading to a crash that could be exploited by a remote attacker. This could occur if an out-of-memory condition happens when creating a JavaScript global, causing a JavaScript realm to be deleted while references to it still exist in a BaseShape, resulting in a use-after-free situation.

Recommendations For Firefox versions prior to 107, update to version 107 or later to resolve the issue. For Firefox ESR versions prior to 102.5, update to version 102.5 or later to resolve the issue. For Thunderbird versions prior to 102.5, update to version 102.5 or later to resolve the issue.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2022:8547

ALSA-2022:8554

ALSA-2022:8561

ALSA-2022:8580

ALT-PU-2022-3090

ALT-PU-2022-3097

ALT-PU-2022-3099

ALT-PU-2022-3209

ALT-PU-2022-3270

ALT-PU-2022-3340

ALT-PU-2023-1137

ALT-PU-2023-1138

ALT-PU-2023-4335

ALT-PU-2023-4336

ALT-PU-2023-5754

ALT-PU-2024-3614

BDU:2022-06816

CESA-2022_8547

CESA-2022_8552

CESA-2022_8554

CESA-2022_8555

CVE-2022-45406

DLA-3196-1

DLA-3199-1

DSA-5282-1

DSA-5284-1

MGASA-2022-0427

MGASA-2022-0428

OESA-2024-1859

OPENSUSE-SU-2022_4058-1

OPENSUSE-SU-2022_4085-1

OPENSUSE-SU-2024:12518-1

OPENSUSE-SU-2024:12519-1

OPENSUSE-SU-2024:12532-1

OPENSUSE-SU-2024:14572-1

RHSA-2022:8543

RHSA-2022:8544

RHSA-2022:8545

RHSA-2022:8547

RHSA-2022:8548

RHSA-2022:8549

RHSA-2022:8550

RHSA-2022:8552

RHSA-2022:8553

RHSA-2022:8554

RHSA-2022:8555

RHSA-2022:8556

RHSA-2022:8561

RHSA-2022:8580

RHSA-2022:8979

RHSA-2022:8980

RHSA-2022_8547

RHSA-2022_8552

RHSA-2022_8554

RHSA-2022_8555

RHSA-2022_8561

RHSA-2022_8580

RLSA-2022:8547

RLSA-2022:8554

SUSE-SU-2022:4058-1

SUSE-SU-2022:4083-1

SUSE-SU-2022:4085-1

SUSE-SU-2022:4247-1

USN-5726-1

USN-5824-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Firefox

Firefox Esr

Linuxmint

Red Hat

Rocky Linux

Suse

Thunderbird

Ubuntu

PT-2022-5487 · Mozilla+9 · Firefox Esr+11

CVE-2022-45406

Weakness Enumeration

Related Identifiers

Affected Products

References · 2016