Bug 2082038 (CVE-2022-29913)

Summary: CVE-2022-29913 Mozilla: Speech Synthesis feature not properly disabled
Product: [Other] Security Response Reporter: Mauro Matteo Cascella <mcascell>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: erack, jhorak, nobody, stransky, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: thunderbird 91.9 Doc Type: ---
Doc Text:
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this issue of the parent process not properly checking whether the Speech Synthesis feature is enabled when receiving instructions from a child process.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-18 05:16:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2079747, 2079748, 2079749, 2079750, 2079751, 2079752, 2079753, 2079754, 2079755    
Bug Blocks: 2079745    

Description Mauro Matteo Cascella 2022-05-05 09:30:36 UTC 
The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process.


External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29913
Comment 1 errata-xmlrpc 2022-05-05 13:32:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:1724 https://access.redhat.com/errata/RHSA-2022:1724
Comment 2 errata-xmlrpc 2022-05-05 13:48:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:1727 https://access.redhat.com/errata/RHSA-2022:1727
Comment 3 errata-xmlrpc 2022-05-05 13:59:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:1726 https://access.redhat.com/errata/RHSA-2022:1726
Comment 4 errata-xmlrpc 2022-05-05 14:03:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1730 https://access.redhat.com/errata/RHSA-2022:1730
Comment 5 errata-xmlrpc 2022-05-05 14:32:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:1725 https://access.redhat.com/errata/RHSA-2022:1725
Comment 6 errata-xmlrpc 2022-05-18 01:27:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:4589 https://access.redhat.com/errata/RHSA-2022:4589
Comment 7 Product Security DevOps Team 2022-05-18 05:16:41 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-29913