Bug 2120695 (CVE-2022-38477)
| Summary: | CVE-2022-38477 Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2 | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Mauro Matteo Cascella <mcascell> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | erack, jhorak, nobody, stransky, tpopela |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | firefox 102.2 | Doc Type: | --- |
| Doc Text: |
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Mozilla developer Nika Layzell and the Mozilla Fuzzing Team, reporting memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-09-02 21:55:46 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2119731, 2119732, 2119733, 2119734, 2119735, 2119736, 2119737, 2119738, 2119739, 2119740, 2119745, 2119746, 2119747, 2119748, 2119749, 2119750, 2119751, 2119752, 2119753, 2119754 | ||
| Bug Blocks: | 2119729 | ||
|
Description
Mauro Matteo Cascella
2022-08-23 14:45:04 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:6165 https://access.redhat.com/errata/RHSA-2022:6165 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:6166 https://access.redhat.com/errata/RHSA-2022:6166 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:6168 https://access.redhat.com/errata/RHSA-2022:6168 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:6167 https://access.redhat.com/errata/RHSA-2022:6167 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:6176 https://access.redhat.com/errata/RHSA-2022:6176 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:6178 https://access.redhat.com/errata/RHSA-2022:6178 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:6174 https://access.redhat.com/errata/RHSA-2022:6174 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6164 https://access.redhat.com/errata/RHSA-2022:6164 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6175 https://access.redhat.com/errata/RHSA-2022:6175 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:6177 https://access.redhat.com/errata/RHSA-2022:6177 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:6169 https://access.redhat.com/errata/RHSA-2022:6169 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:6179 https://access.redhat.com/errata/RHSA-2022:6179 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-38477 |