Bug 2128797 (CVE-2022-40962) - CVE-2022-40962 Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3
Summary: CVE-2022-40962 Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox E...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-40962
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2125993 2125994 2125995 2125996 2125997 2125998 2125999 2126000 2126001 2126002 2126003 2126004 2126012 2126013 2126014 2126015 2126016 2126017 2126018 2126019 2126020 2126021 2126022 2126023
Blocks: 2125991
TreeView+ depends on / blocked
 
Reported: 2022-09-21 14:07 UTC by Mauro Matteo Cascella
Modified: 2023-01-04 21:38 UTC (History)
5 users (show)

Fixed In Version: firefox 102.3, thunderbird 102.3
Doc Type: ---
Doc Text:
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Mozilla developers Nika Layzell, Timothy Nikkel, Jeff Muizelaar, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reporting memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and the presumption that with enough effort, some have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed: 2022-11-28 10:31:12 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:6700 0 None None None 2022-09-26 14:29:03 UTC
Red Hat Product Errata RHSA-2022:6701 0 None None None 2022-09-26 14:12:11 UTC
Red Hat Product Errata RHSA-2022:6702 0 None None None 2022-09-26 14:50:07 UTC
Red Hat Product Errata RHSA-2022:6703 0 None None None 2022-09-26 14:05:00 UTC
Red Hat Product Errata RHSA-2022:6707 0 None None None 2022-09-26 14:58:55 UTC
Red Hat Product Errata RHSA-2022:6708 0 None None None 2022-09-26 15:34:23 UTC
Red Hat Product Errata RHSA-2022:6710 0 None None None 2022-09-26 15:13:05 UTC
Red Hat Product Errata RHSA-2022:6711 0 None None None 2022-09-26 15:16:39 UTC
Red Hat Product Errata RHSA-2022:6713 0 None None None 2022-09-26 14:57:38 UTC
Red Hat Product Errata RHSA-2022:6715 0 None None None 2022-09-26 15:55:35 UTC
Red Hat Product Errata RHSA-2022:6716 0 None None None 2022-09-26 15:39:43 UTC
Red Hat Product Errata RHSA-2022:6717 0 None None None 2022-09-26 16:49:46 UTC

Description Mauro Matteo Cascella 2022-09-21 14:07:35 UTC
Mozilla developers Nika Layzell, Timothy Nikkel, Jeff Muizelaar, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40962

Comment 1 errata-xmlrpc 2022-09-26 14:04:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:6703 https://access.redhat.com/errata/RHSA-2022:6703

Comment 2 errata-xmlrpc 2022-09-26 14:12:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:6701 https://access.redhat.com/errata/RHSA-2022:6701

Comment 3 errata-xmlrpc 2022-09-26 14:29:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:6700 https://access.redhat.com/errata/RHSA-2022:6700

Comment 4 errata-xmlrpc 2022-09-26 14:50:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:6702 https://access.redhat.com/errata/RHSA-2022:6702

Comment 5 errata-xmlrpc 2022-09-26 14:57:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:6713 https://access.redhat.com/errata/RHSA-2022:6713

Comment 6 errata-xmlrpc 2022-09-26 14:58:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:6707 https://access.redhat.com/errata/RHSA-2022:6707

Comment 7 errata-xmlrpc 2022-09-26 15:13:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:6710 https://access.redhat.com/errata/RHSA-2022:6710

Comment 8 errata-xmlrpc 2022-09-26 15:16:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:6711 https://access.redhat.com/errata/RHSA-2022:6711

Comment 9 errata-xmlrpc 2022-09-26 15:34:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:6708 https://access.redhat.com/errata/RHSA-2022:6708

Comment 10 errata-xmlrpc 2022-09-26 15:39:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:6716 https://access.redhat.com/errata/RHSA-2022:6716

Comment 11 errata-xmlrpc 2022-09-26 15:55:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:6715 https://access.redhat.com/errata/RHSA-2022:6715

Comment 12 errata-xmlrpc 2022-09-26 16:49:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:6717 https://access.redhat.com/errata/RHSA-2022:6717

Comment 13 Product Security DevOps Team 2022-11-28 10:31:10 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-40962


Note You need to log in before you can comment on or make changes to this bug.