Bug 2157739 (CVE-2022-3266)

Summary: CVE-2022-3266 Mozilla: Out of bounds read when decoding H264
Product: [Other] Security Response Reporter: Mauro Matteo Cascella <mcascell>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: erack, gotiwari, jhorak, mvyas, nobody, stransky, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: firefox 102.3, thunderbird 102.3 Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-01-04 20:31:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2125993, 2125994, 2125995, 2125996, 2125997, 2125998, 2125999, 2126000, 2126001, 2126002, 2126003, 2126004, 2126012, 2126013, 2126014, 2126015, 2126016, 2126017, 2126018, 2126019, 2126020, 2126021, 2126022, 2126023    
Bug Blocks: 2125991    

Description Mauro Matteo Cascella 2023-01-02 16:15:46 UTC 
An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-3266
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-3266
Comment 1 Mauro Matteo Cascella 2023-01-03 09:47:39 UTC 
Mozilla upstream states that this issue was fixed in Firefox/Thunderbird version 102.3. The firefox/thunderbird packages as shipped in following Red Hat products were previously updated to a version that contains the fix via the following errata:

firefox in Red Hat Enterprise Linux 7
https://access.redhat.com/errata/RHSA-2022:6711

firefox in Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
https://access.redhat.com/errata/RHSA-2022:6703

firefox in Red Hat Enterprise Linux 8.2 Extended Update Support
https://access.redhat.com/errata/RHSA-2022:6707

firefox in Red Hat Enterprise Linux 8.4 Extended Update Support
https://access.redhat.com/errata/RHSA-2022:6701

firefox in Red Hat Enterprise Linux 8
https://access.redhat.com/errata/RHSA-2022:6702

thunderbird in Red Hat Enterprise Linux 7
https://access.redhat.com/errata/RHSA-2022:6710

thunderbird in Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
https://access.redhat.com/errata/RHSA-2022:6716

thunderbird in Red Hat Enterprise Linux 8.2 Extended Update Support
https://access.redhat.com/errata/RHSA-2022:6715

thunderbird in Red Hat Enterprise Linux 8.4 Extended Update Support
https://access.redhat.com/errata/RHSA-2022:6713

thunderbird in Red Hat Enterprise Linux 8
https://access.redhat.com/errata/RHSA-2022:6708
Comment 2 Product Security DevOps Team 2023-01-04 20:31:36 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-3266