Bug 2111910 (CVE-2022-2505) - CVE-2022-2505 Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1
Summary: CVE-2022-2505 Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-2505
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2108092 2108093 2108094 2108095 2108096 2108097 2108098 2108099 2108100 2108101 2108111 2108112 2108113 2108114 2108115 2108116 2108118 2108119 2108120 2108123
Blocks: 2108090
Reported: 2022-07-28 12:42 UTC by Mauro Matteo Cascella
Modified: 2023-01-04 21:39 UTC

Fixed In Version: firefox 102.1, thunderbird 102.1
Doc Type: ---
Doc Text:
A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 102. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed: 2022-08-31 00:55:54 UTC
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2022:5765 | 0 | None | None | None | 2022-08-01 08:54:02 UTC
Red Hat Product Errata | RHSA-2022:5766 | 0 | None | None | None | 2022-08-01 08:14:48 UTC
Red Hat Product Errata | RHSA-2022:5767 | 0 | None | None | None | 2022-08-01 09:16:20 UTC
Red Hat Product Errata | RHSA-2022:5769 | 0 | None | None | None | 2022-08-01 10:17:38 UTC
Red Hat Product Errata | RHSA-2022:5770 | 0 | None | None | None | 2022-08-01 09:23:01 UTC
Red Hat Product Errata | RHSA-2022:5771 | 0 | None | None | None | 2022-08-01 09:36:46 UTC
Red Hat Product Errata | RHSA-2022:5772 | 0 | None | None | None | 2022-08-01 10:31:05 UTC
Red Hat Product Errata | RHSA-2022:5773 | 0 | None | None | None | 2022-08-01 11:58:58 UTC
Red Hat Product Errata | RHSA-2022:5774 | 0 | None | None | None | 2022-08-01 11:41:05 UTC
Red Hat Product Errata | RHSA-2022:5776 | 0 | None | None | None | 2022-08-01 14:18:04 UTC
Red Hat Product Errata | RHSA-2022:5777 | 0 | None | None | None | 2022-08-01 11:52:13 UTC
Red Hat Product Errata | RHSA-2022:5778 | 0 | None | None | None | 2022-08-01 10:47:08 UTC

Description Mauro Matteo Cascella 2022-07-28 12:42:29 UTC
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-2505

Comment 1 errata-xmlrpc 2022-08-01 08:14:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:5766 https://access.redhat.com/errata/RHSA-2022:5766

Comment 2 errata-xmlrpc 2022-08-01 08:54:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:5765 https://access.redhat.com/errata/RHSA-2022:5765

Comment 3 errata-xmlrpc 2022-08-01 09:16:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:5767 https://access.redhat.com/errata/RHSA-2022:5767

Comment 4 errata-xmlrpc 2022-08-01 09:22:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:5770 https://access.redhat.com/errata/RHSA-2022:5770

Comment 5 errata-xmlrpc 2022-08-01 09:36:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:5771 https://access.redhat.com/errata/RHSA-2022:5771

Comment 6 errata-xmlrpc 2022-08-01 10:17:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:5769 https://access.redhat.com/errata/RHSA-2022:5769

Comment 7 errata-xmlrpc 2022-08-01 10:31:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:5772 https://access.redhat.com/errata/RHSA-2022:5772

Comment 8 errata-xmlrpc 2022-08-01 10:47:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:5778 https://access.redhat.com/errata/RHSA-2022:5778

Comment 9 errata-xmlrpc 2022-08-01 11:41:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:5774 https://access.redhat.com/errata/RHSA-2022:5774

Comment 10 errata-xmlrpc 2022-08-01 11:52:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:5777 https://access.redhat.com/errata/RHSA-2022:5777

Comment 11 errata-xmlrpc 2022-08-01 11:58:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:5773 https://access.redhat.com/errata/RHSA-2022:5773

Comment 12 errata-xmlrpc 2022-08-01 14:18:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:5776 https://access.redhat.com/errata/RHSA-2022:5776

Comment 13 Product Security DevOps Team 2022-08-31 00:55:52 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-2505

