CVE-2022-40960
Summary
| CVE | CVE-2022-40960 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-12-22 20:15:00 UTC |
|---|
| Updated | 2023-01-04 03:22:00 UTC |
|---|
| Description | Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. |
|---|
NVD Known Affected Configurations (CPE 2.3)
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160114 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-6708)
- 160115 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-6702)
- 160116 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-6717)
- 160117 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-6700)
- 160176 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-6710)
- 160179 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-6711)
- 181074 Debian Security Update for firefox-esr (DSA 5237-1)
- 181076 Debian Security Update for firefox-esr (DLA 3121-1)
- 181078 Debian Security Update for thunderbird (DLA 3123-1)
- 181080 Debian Security Update for thunderbird (DSA 5238-1)
- 183454 Debian Security Update for firefox-esrthunderbird (CVE-2022-40960)
- 198968 Ubuntu Security Notification for Firefox Vulnerabilities (USN-5649-1)
- 199024 Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-5724-1)
- 240687 Red Hat Update for thunderbird (RHSA-2022:6708)
- 240688 Red Hat Update for thunderbird (RHSA-2022:6713)
- 240689 Red Hat Update for firefox (RHSA-2022:6700)
- 240690 Red Hat Update for firefox (RHSA-2022:6707)
- 240691 Red Hat Update for thunderbird (RHSA-2022:6717)
- 240692 Red Hat Update for firefox (RHSA-2022:6702)
- 240693 Red Hat Update for thunderbird (RHSA-2022:6710)
- 240694 Red Hat Update for thunderbird (RHSA-2022:6715)
- 240695 Red Hat Update for firefox (RHSA-2022:6711)
- 240696 Red Hat Update for firefox (RHSA-2022:6701)
- 354131 Amazon Linux Security Advisory for thunderbird : ALAS2-2022-1900
- 356274 Amazon Linux Security Advisory for firefox : ALASFIREFOX-2023-010
- 356488 Amazon Linux Security Advisory for firefox : ALAS2FIREFOX-2023-010
- 377599 Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2022-41)
- 377600 Mozilla Firefox Multiple Vulnerabilities (MFSA2022-40)
- 377602 Mozilla Thunderbird Multiple Vulnerabilities (MFSA2022-42)
- 503450 Alpine Linux Security Update for firefox-esr
- 506058 Alpine Linux Security Update for firefox-esr
- 710629 Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202209-27)
- 710635 Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202209-18)
- 752611 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:3396-1)
- 752626 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:3440-1)
- 752627 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:3441-1)
- 753237 SUSE Enterprise Linux Security Update for MozillaThunderbird (SUSE-SU-2022:3800-1)
- 940675 AlmaLinux Security Update for firefox (ALSA-2022:6702)
- 940676 AlmaLinux Security Update for thunderbird (ALSA-2022:6708)
- 940683 AlmaLinux Security Update for firefox (ALSA-2022:6700)
- 940694 AlmaLinux Security Update for thunderbird (ALSA-2022:6717)
- 960288 Rocky Linux Security Update for firefox (RLSA-2022:6702)
- 960388 Rocky Linux Security Update for thunderbird (RLSA-2022:6708)
