Bug 2111910 (CVE-2022-2505)

Summary: CVE-2022-2505 Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1
Product: [Other] Security Response Reporter: Mauro Matteo Cascella <mcascell>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: erack, jhorak, nobody, stransky, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: firefox 102.1, thunderbird 102.1 Doc Type: ---
Doc Text:
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Mozilla developers and the Mozilla Fuzzing Team reporting memory safety bugs in Firefox 102. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code.
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-08-31 00:55:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2108092, 2108093, 2108094, 2108095, 2108096, 2108097, 2108098, 2108099, 2108100, 2108101, 2108111, 2108112, 2108113, 2108114, 2108115, 2108116, 2108118, 2108119, 2108120, 2108123    
Bug Blocks: 2108090    

Description Mauro Matteo Cascella 2022-07-28 12:42:29 UTC
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-2505

Comment 1 errata-xmlrpc 2022-08-01 08:14:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:5766 https://access.redhat.com/errata/RHSA-2022:5766

Comment 2 errata-xmlrpc 2022-08-01 08:54:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:5765 https://access.redhat.com/errata/RHSA-2022:5765

Comment 3 errata-xmlrpc 2022-08-01 09:16:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:5767 https://access.redhat.com/errata/RHSA-2022:5767

Comment 4 errata-xmlrpc 2022-08-01 09:22:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:5770 https://access.redhat.com/errata/RHSA-2022:5770

Comment 5 errata-xmlrpc 2022-08-01 09:36:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:5771 https://access.redhat.com/errata/RHSA-2022:5771

Comment 6 errata-xmlrpc 2022-08-01 10:17:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:5769 https://access.redhat.com/errata/RHSA-2022:5769

Comment 7 errata-xmlrpc 2022-08-01 10:31:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:5772 https://access.redhat.com/errata/RHSA-2022:5772

Comment 8 errata-xmlrpc 2022-08-01 10:47:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:5778 https://access.redhat.com/errata/RHSA-2022:5778

Comment 9 errata-xmlrpc 2022-08-01 11:41:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:5774 https://access.redhat.com/errata/RHSA-2022:5774

Comment 10 errata-xmlrpc 2022-08-01 11:52:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:5777 https://access.redhat.com/errata/RHSA-2022:5777

Comment 11 errata-xmlrpc 2022-08-01 11:58:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:5773 https://access.redhat.com/errata/RHSA-2022:5773

Comment 12 errata-xmlrpc 2022-08-01 14:18:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:5776 https://access.redhat.com/errata/RHSA-2022:5776

Comment 13 Product Security DevOps Team 2022-08-31 00:55:52 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-2505