Bug 2072566 (CVE-2022-28289)
| Summary: | CVE-2022-28289 Mozilla: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Mauro Matteo Cascella <mcascell> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | erack, jhorak, nobody, stransky, tpopela |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | firefox 91.8, thunderbird 91.8 | Doc Type: | If docs needed, set a value |
| Doc Text: |
The Mozilla Foundation Security Advisory describes this flaw as:
Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 98 and Firefox ESR 91.7. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-04-12 18:26:49 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2069596, 2069597, 2069598, 2069599, 2069600, 2069601, 2069602, 2069603, 2069604, 2069610, 2072587, 2072588, 2072589, 2072590, 2072591, 2072592, 2072593, 2072594, 2072595 | ||
| Bug Blocks: | 2069594 | ||
|
Description
Mauro Matteo Cascella
2022-04-06 14:18:35 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:1283 https://access.redhat.com/errata/RHSA-2022:1283 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:1286 https://access.redhat.com/errata/RHSA-2022:1286 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1287 https://access.redhat.com/errata/RHSA-2022:1287 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:1285 https://access.redhat.com/errata/RHSA-2022:1285 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:1284 https://access.redhat.com/errata/RHSA-2022:1284 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:1303 https://access.redhat.com/errata/RHSA-2022:1303 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1301 https://access.redhat.com/errata/RHSA-2022:1301 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:1305 https://access.redhat.com/errata/RHSA-2022:1305 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:1302 https://access.redhat.com/errata/RHSA-2022:1302 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:1326 https://access.redhat.com/errata/RHSA-2022:1326 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-28289 |