Bug 2092026 (CVE-2022-31747)
| Summary: | CVE-2022-31747 Mozilla: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10 | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Mauro Matteo Cascella <mcascell> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | erack, jhorak, nobody, stransky, tpopela |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | firefox 91.10, thunderbird 91.10 | Doc Type: | --- |
| Doc Text: |
The Mozilla Foundation Security Advisory describes this flaw as:
Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-06-03 20:32:00 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2089648, 2089649, 2089650, 2089651, 2089652, 2089653, 2089654, 2089655, 2089656, 2089665, 2089666, 2089667, 2089669, 2089670, 2089671, 2089672, 2089673, 2089674, 2091924, 2091925 | ||
| Bug Blocks: | 2089646 | ||
|
Description
Mauro Matteo Cascella
2022-05-31 14:45:04 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:4870 https://access.redhat.com/errata/RHSA-2022:4870 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:4876 https://access.redhat.com/errata/RHSA-2022:4876 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:4875 https://access.redhat.com/errata/RHSA-2022:4875 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:4873 https://access.redhat.com/errata/RHSA-2022:4873 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:4872 https://access.redhat.com/errata/RHSA-2022:4872 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:4871 https://access.redhat.com/errata/RHSA-2022:4871 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:4889 https://access.redhat.com/errata/RHSA-2022:4889 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:4891 https://access.redhat.com/errata/RHSA-2022:4891 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:4888 https://access.redhat.com/errata/RHSA-2022:4888 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:4887 https://access.redhat.com/errata/RHSA-2022:4887 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:4892 https://access.redhat.com/errata/RHSA-2022:4892 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:4890 https://access.redhat.com/errata/RHSA-2022:4890 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-31747 |