PT-2022-5671 · Mozilla+4 · Firefox+4

Armin Ebert

Published

2022-10-18

Updated

2024-12-12

CVE-2022-42930

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 106

Description The issue is related to synchronization errors when using a shared resource, which could allow a remote attacker to disclose protected information. A data race could occur in the ThirdPartyUtil component if two Workers were simultaneously initializing their CacheStorage.

Recommendations For versions prior to 106, update to version 106 or later to resolve the issue. As a temporary workaround, consider restricting access to shared resources to minimize the risk of exploitation.

Exploit

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

ALT-PU-2022-2886

ALT-PU-2022-3047

ALT-PU-2023-5754

ALT-PU-2023-6436

ALT-PU-2024-3614

BDU:2022-07066

CVE-2022-42930

OPENSUSE-SU-2024:12429-1

OPENSUSE-SU-2024:14572-1

USN-5709-1

USN-5709-2

Affected Products

Alt Linux

Astra Linux

Firefox

Linuxmint

Ubuntu

PT-2022-5671 · Mozilla+4 · Firefox+4

CVE-2022-42930

Weakness Enumeration

Related Identifiers

Affected Products

References · 1894