PT-2022-6609 · Mozilla+7 · Thunderbird+9

Willy R. Vasquez

·

Published

2022-09-20

·

Updated

2024-03-13

·

CVE-2022-3266

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 105 Firefox ESR versions prior to 102.3 Thunderbird versions prior to 102.3
Description The issue is related to an out-of-bounds read that occurs when decoding H.264 video, potentially leading to a crash. This can be exploited by an attacker to perform a denial-of-service (DoS) attack using a specially crafted video file.
Recommendations For Firefox versions prior to 105, update to version 105 or later to resolve the issue. For Firefox ESR versions prior to 102.3, update to version 102.3 or later to resolve the issue. For Thunderbird versions prior to 102.3, update to version 102.3 or later to resolve the issue.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2022-2653
ALT-PU-2022-2747
ALT-PU-2022-2752
ALT-PU-2022-2930
ALT-PU-2022-3045
ALT-PU-2022-3046
ALT-PU-2023-1137
ALT-PU-2023-1138
ALT-PU-2023-1139
ALT-PU-2023-4335
ALT-PU-2023-4336
ALT-PU-2023-4339
ALT-PU-2023-5754
ALT-PU-2024-3614
BDU:2023-02783
CESA-2022_6702
CESA-2022_6708
CVE-2022-3266
DLA-3121-1
DLA-3123-1
DSA-5237-1
DSA-5238-1
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2022_3800-1
OPENSUSE-SU-2024:12425-1
RHSA-2022:6700
RHSA-2022:6701
RHSA-2022:6702
RHSA-2022:6703
RHSA-2022:6707
RHSA-2022:6708
RHSA-2022:6710
RHSA-2022:6711
RHSA-2022:6713
RHSA-2022:6715
RHSA-2022:6716
RHSA-2022:6717
RHSA-2022_6700
RHSA-2022_6702
RHSA-2022_6708
RHSA-2022_6710
RHSA-2022_6711
RHSA-2022_6717
SUSE-SU-2022:3800-1
USN-5649-1
USN-5724-1

Affected Products

Alt Linux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Suse
Thunderbird
Ubuntu