Bug 2153454 (CVE-2022-46878)

Summary:	CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6
Product:	[Other] Security Response	Reporter:	Mauro Matteo Cascella <mcascell>
Component:	vulnerability	Assignee:	Red Hat Product Security <security-response-team>
Status:	CLOSED ERRATA	QA Contact:
Severity:	high	Docs Contact:
Priority:	high
Version:	unspecified	CC:	erack, jhorak, nobody, stransky, tpopela
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	firefox 102.6, thunderbird 102.6	Doc Type:	---
Doc Text:	The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107 and Firefox ESR 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	Story Points:	---
Clone Of:		Environment:
Last Closed:	2022-12-16 12:48:01 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	2151151, 2151152, 2151153, 2151154, 2151155, 2151156, 2151157, 2151158, 2151159, 2151160, 2151161, 2151176, 2151177, 2151178, 2151179, 2151180, 2151181, 2151182, 2151183, 2151184, 2151185, 2151186
Bug Blocks:	2151149

Description Mauro Matteo Cascella 2022-12-14 15:58:33 UTC

Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107 and Firefox ESR 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46878

Comment 1 errata-xmlrpc 2022-12-15 15:42:53 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2022:9066 https://access.redhat.com/errata/RHSA-2022:9066

Comment 2 errata-xmlrpc 2022-12-15 15:43:15 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:9065 https://access.redhat.com/errata/RHSA-2022:9065

Comment 3 errata-xmlrpc 2022-12-15 15:52:15 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:9067 https://access.redhat.com/errata/RHSA-2022:9067

Comment 4 errata-xmlrpc 2022-12-15 15:52:40 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2022:9068 https://access.redhat.com/errata/RHSA-2022:9068

Comment 5 errata-xmlrpc 2022-12-15 16:04:34 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:9071 https://access.redhat.com/errata/RHSA-2022:9071

Comment 6 errata-xmlrpc 2022-12-15 16:05:19 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:9069 https://access.redhat.com/errata/RHSA-2022:9069

Comment 7 errata-xmlrpc 2022-12-15 16:05:38 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2022:9070 https://access.redhat.com/errata/RHSA-2022:9070

Comment 8 errata-xmlrpc 2022-12-15 16:14:46 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:9072 https://access.redhat.com/errata/RHSA-2022:9072

Comment 9 errata-xmlrpc 2022-12-15 16:15:58 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:9077 https://access.redhat.com/errata/RHSA-2022:9077

Comment 10 errata-xmlrpc 2022-12-15 16:17:59 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:9075 https://access.redhat.com/errata/RHSA-2022:9075

Comment 11 errata-xmlrpc 2022-12-15 16:18:32 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2022:9076 https://access.redhat.com/errata/RHSA-2022:9076

Comment 12 errata-xmlrpc 2022-12-15 16:24:21 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:9080 https://access.redhat.com/errata/RHSA-2022:9080

Comment 13 errata-xmlrpc 2022-12-15 16:25:29 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2022:9078 https://access.redhat.com/errata/RHSA-2022:9078

Comment 14 errata-xmlrpc 2022-12-15 16:27:25 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2022:9081 https://access.redhat.com/errata/RHSA-2022:9081

Comment 15 errata-xmlrpc 2022-12-15 16:27:52 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:9074 https://access.redhat.com/errata/RHSA-2022:9074

Comment 16 errata-xmlrpc 2022-12-15 16:28:18 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:9079 https://access.redhat.com/errata/RHSA-2022:9079

Comment 17 Product Security DevOps Team 2022-12-16 12:47:59 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-46878