CVE-2022-34484

Summary

CVE	CVE-2022-34484
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-12-22 20:15:00 UTC
Updated	2023-08-08 14:21:00 UTC
Description	The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

Risk And Classification

Problem Types: CWE-416

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mozilla	Firefox	All	All	All	All
Application	Mozilla	Firefox Esr	All	All	All	All
Application	Mozilla	Thunderbird	All	All	All	All

References

Reference	Source	Link	Tags
Security Vulnerabilities fixed in Thunderbird 91.11 and Thunderbird 102 — Mozilla	MISC	www.mozilla.org
Bug List	MISC	bugzilla.mozilla.org
Security Vulnerabilities fixed in Firefox 102 — Mozilla	MISC	www.mozilla.org
Security Vulnerabilities fixed in Firefox ESR 91.11 — Mozilla	MISC	www.mozilla.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159951 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-5469)
159952 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-5480)
159954 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-5470)
159955 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-5479)
159963 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-5481)
159964 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-5482)
179976 Debian Security Update for firefox-esr (DSA 5172-1)
180180 Debian Security Update for firefox-esr (DLA 3064-1)
180807 Debian Security Update for thunderbird (DSA 5175-1)
182301 Debian Security Update for firefox-esrthunderbird (CVE-2022-34484)
198849 Ubuntu Security Notification for Firefox Vulnerabilities (USN-5504-1)
198859 Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-5512-1)
240507 Red Hat Update for thunderbird (RHSA-2022:5473)
240512 Red Hat Update for firefox (RHSA-2022:5469)
240513 Red Hat Update for firefox (RHSA-2022:5472)
240515 Red Hat Update for thunderbird (RHSA-2022:5470)
240517 Red Hat Update for firefox (RHSA-2022:5481)
240519 Red Hat Update for thunderbird (RHSA-2022:5480)
240520 Red Hat Update for firefox (RHSA-2022:5479)
240521 Red Hat Update for firefox (RHSA-2022:5474)
240525 Red Hat Update for thunderbird (RHSA-2022:5475)
240526 Red Hat Update for thunderbird (RHSA-2022:5482)
257173 CentOS Security Update for firefox (CESA-2022:5479)
257175 CentOS Security Update for thunderbird (CESA-2022:5480)
296082 Oracle Solaris 11.4 Support Repository Update (SRU) 48.126.1 Missing (CPUJUL2022)
354760 Amazon Linux Security Advisory for thunderbird : ALAS2-2023-1951
356198 Amazon Linux Security Advisory for firefox : ALASFIREFOX-2023-013
376705 Mozilla Firefox Multiple Vulnerabilities (MFSA2022-24)
376706 Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2022-25)
376707 Mozilla Thunderbird Multiple Vulnerabilities (MFSA2022-26)
502285 Alpine Linux Security Update for firefox-esr
502406 Alpine Linux Security Update for thunderbird
502853 Alpine Linux Security Update for firefox
502957 Alpine Linux Security Update for thunderbird
502958 Alpine Linux Security Update for thunderbird
504811 Alpine Linux Security Update for firefox-esr
505737 Alpine Linux Security Update for firefox
505823 Alpine Linux Security Update for thunderbird
505824 Alpine Linux Security Update for thunderbird
710582 Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202208-08)
710585 Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202208-14)
752304 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:2279-1)
752306 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:2289-1)
752316 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:2313-1)
752583 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:3273-1)
752590 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:3272-1)
752611 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:3396-1)
753189 SUSE Enterprise Linux Security Update for MozillaThunderbird (SUSE-SU-2022:3281-1)
753371 SUSE Enterprise Linux Security Update for MozillaThunderbird (SUSE-SU-2022:2320-1)
940630 AlmaLinux Security Update for thunderbird (ALSA-2022:5482)
960144 Rocky Linux Security Update for firefox (RLSA-2022:5469)
960153 Rocky Linux Security Update for thunderbird (RLSA-2022:5470)