Bug 2081473 (CVE-2022-29917)
| Summary: | CVE-2022-29917 Mozilla: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Mauro Matteo Cascella <mcascell> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | erack, jhorak, nobody, stransky, tpopela |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | firefox 91.9, thunderbird 91.9 | Doc Type: | --- |
| Doc Text: |
The Mozilla Foundation Security Advisory describes this flaw as:
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-05-18 05:15:10 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2078959, 2078960, 2078961, 2078962, 2078963, 2078964, 2078965, 2078966, 2078967, 2078987, 2079747, 2079748, 2079749, 2079750, 2079751, 2079752, 2079753, 2079754, 2079755 | ||
| Bug Blocks: | 2078957 | ||
|
Description
Mauro Matteo Cascella
2022-05-03 20:22:00 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:1701 https://access.redhat.com/errata/RHSA-2022:1701 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:1704 https://access.redhat.com/errata/RHSA-2022:1704 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1705 https://access.redhat.com/errata/RHSA-2022:1705 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:1702 https://access.redhat.com/errata/RHSA-2022:1702 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:1703 https://access.redhat.com/errata/RHSA-2022:1703 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:1724 https://access.redhat.com/errata/RHSA-2022:1724 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:1727 https://access.redhat.com/errata/RHSA-2022:1727 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:1726 https://access.redhat.com/errata/RHSA-2022:1726 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1730 https://access.redhat.com/errata/RHSA-2022:1730 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:1725 https://access.redhat.com/errata/RHSA-2022:1725 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:4590 https://access.redhat.com/errata/RHSA-2022:4590 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:4589 https://access.redhat.com/errata/RHSA-2022:4589 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-29917 |