CVE-2022-42928

Published on: Not Yet Published

Last Modified on: 01/04/2023 02:51:00 AM UTC

CVE-2022-42928

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Certain versions of Firefox from Mozilla contain the following vulnerability:

Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.4, Firefox ESR < 102.4, and Firefox < 106.

CVE-2022-42928 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
Affected Vendor/Software: Mozilla - Thunderbird version < 102.4
Affected Vendor/Software: Mozilla - Firefox ESR version < 102.4
Affected Vendor/Software: Mozilla - Firefox version < 106

CVSS3 Score: 8.8 - HIGH

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
NETWORK	LOW	NONE	REQUIRED
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	HIGH	HIGH	HIGH

CVE References

Description	Tags ^ⓘ	Link
Security Vulnerabilities fixed in Firefox ESR 102.4 — Mozilla	www.mozilla.org text/html	MISC www.mozilla.org/security/advisories/mfsa2022-45/
Security Vulnerabilities fixed in Firefox 106 — Mozilla	www.mozilla.org text/html	MISC www.mozilla.org/security/advisories/mfsa2022-44/
Security Vulnerabilities fixed in Thunderbird 102.4 — Mozilla	www.mozilla.org text/html	MISC www.mozilla.org/security/advisories/mfsa2022-46/
Access Denied	bugzilla.mozilla.org text/html	MISC bugzilla.mozilla.org/show_bug.cgi?id=1791520

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

160158 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-7071)
160172 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-7070)
160177 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-7184)
160181 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-7178)
160183 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-7069)
160184 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-7190)
181149 Debian Security Update for firefox-esr (DSA 5259-1)
181150 Debian Security Update for firefox-esr (DLA 3156-1)
181169 Debian Security Update for thunderbird (DSA 5262-1)
181178 Debian Security Update for thunderbird (DLA 3170-1)
199013 Ubuntu Security Notification for Firefox Vulnerabilities (USN-5709-1)
199024 Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-5724-1)
240762 Red Hat Update for firefox (RHSA-2022:7068)
240763 Red Hat Update for firefox (RHSA-2022:7072)
240764 Red Hat Update for firefox (RHSA-2022:7071)
240765 Red Hat Update for firefox (RHSA-2022:7069)
240766 Red Hat Update for firefox (RHSA-2022:7070)
240784 Red Hat Update for thunderbird (RHSA-2022:7184)
240786 Red Hat Update for thunderbird (RHSA-2022:7190)
240787 Red Hat Update for thunderbird (RHSA-2022:7178)
240791 Red Hat Update for thunderbird (RHSA-2022:7182)
240792 Red Hat Update for thunderbird (RHSA-2022:7181)
354131 Amazon Linux Security Advisory for thunderbird : ALAS2-2022-1900
377640 Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2022-45)
377641 Mozilla Firefox Multiple Vulnerabilities (MFSA2022-44)
377689 Mozilla Thunderbird Multiple Vulnerabilities (MFSA2022-46)
710673 Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202210-34)
710676 Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202210-35)
752710 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:3698-1)
752713 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:3719-1)
752720 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:3726-1)
752832 SUSE Enterprise Linux Security Update for MozillaThunderbird (SUSE-SU-2022:4085-1)
940702 AlmaLinux Security Update for firefox (ALSA-2022:7070)
940706 AlmaLinux Security Update for firefox (ALSA-2022:7071)
940708 AlmaLinux Security Update for thunderbird (ALSA-2022:7190)
940711 AlmaLinux Security Update for thunderbird (ALSA-2022:7178)
960409 Rocky Linux Security Update for firefox (RLSA-2022:7070)

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mozilla	Firefox	All	All	All	All
Application	Mozilla	Firefox Esr	All	All	All	All
Application	Mozilla	Thunderbird	All	All	All	All

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*:
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*:
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@RedPacketSec	Mozilla Firefox and Firefox ESR code execution \| CVE-2022-42928 - redpacketsecurity.com/mozilla-firefo… #CVE #Vulnerability #OSINT #ThreatIntel #Cyber	2022-10-20 09:01:32
/r/k12cybersecurity	MS-ISAC CYBERSECURITY ADVISORY – Multiple Vulnerabilities in Mozilla Firefox and Firefox ESR Could Allow for Arbitrary Code Execution – PATCH: NOW	2022-10-20 22:01:58
/r/netcve	CVE-2022-42928	2022-12-22 21:39:50