Bug 2143202 (CVE-2022-45409) - CVE-2022-45409 Mozilla: Use-after-free in Garbage Collection
Summary: CVE-2022-45409 Mozilla: Use-after-free in Garbage Collection
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-45409
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: Red Hat2141544 Red Hat2141545 Red Hat2141546 Red Hat2141547 Red Hat2141548 Red Hat2141549 Red Hat2141550 Red Hat2141551 Red Hat2141552 Red Hat2141553 Embargoed2141554 Red Hat2141556 Red Hat2141559 Red Hat2141560 Red Hat2141561 Red Hat2141562 Red Hat2141563 Red Hat2141564 Red Hat2141565 Red Hat2141566 Red Hat2141567 Red Hat2141569 Embargoed2141570 Red Hat2141571
Blocks: Embargoed2141542
TreeView+ depends on / blocked
 
Reported: 2022-11-16 10:56 UTC by Dhananjay Arunesh
Modified: 2023-01-05 21:35 UTC (History)
5 users (show)

Fixed In Version: thunderbird 102.5, firefox 102.5
Doc Type: If docs needed, set a value
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called, leading to a use-after-free and potentially exploitable crash.
Clone Of:
Environment:
Last Closed: 2022-12-14 18:18:34 UTC

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:8543 0 None None None 2022-11-21 11:08:55 UTC
Red Hat Product Errata RHSA-2022:8544 0 None None None 2022-11-21 11:25:29 UTC
Red Hat Product Errata RHSA-2022:8545 0 None None None 2022-11-21 11:28:56 UTC
Red Hat Product Errata RHSA-2022:8547 0 None None None 2022-11-21 11:31:40 UTC
Red Hat Product Errata RHSA-2022:8548 0 None None None 2022-11-21 12:29:18 UTC
Red Hat Product Errata RHSA-2022:8549 0 None None None 2022-11-21 12:36:26 UTC
Red Hat Product Errata RHSA-2022:8550 0 None None None 2022-11-21 12:34:18 UTC
Red Hat Product Errata RHSA-2022:8552 0 None None None 2022-11-21 12:46:20 UTC
Red Hat Product Errata RHSA-2022:8553 0 None None None 2022-11-21 12:41:03 UTC
Red Hat Product Errata RHSA-2022:8554 0 None None None 2022-11-21 12:48:46 UTC
Red Hat Product Errata RHSA-2022:8555 0 None None None 2022-11-21 12:53:45 UTC
Red Hat Product Errata RHSA-2022:8556 0 None None None 2022-11-21 12:50:53 UTC
Red Hat Product Errata RHSA-2022:8561 0 None None None 2022-11-21 16:19:57 UTC
Red Hat Product Errata RHSA-2022:8580 0 None None None 2022-11-22 13:33:48 UTC
Red Hat Product Errata RHSA-2022:8979 0 None None None 2022-12-13 16:07:04 UTC
Red Hat Product Errata RHSA-2022:8980 0 None None None 2022-12-13 16:07:22 UTC

Description Dhananjay Arunesh 2022-11-16 10:56:19 UTC 
The garbage collector could have been aborted in several states and zones and `GCRuntime::finishCollection` may not have been called, leading to a use-after-free and potentially exploitable crash



External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45409
Comment 1 errata-xmlrpc 2022-11-21 11:08:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2022:8543 https://access.redhat.com/errata/RHSA-2022:8543
Comment 2 errata-xmlrpc 2022-11-21 11:25:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:8544 https://access.redhat.com/errata/RHSA-2022:8544
Comment 3 errata-xmlrpc 2022-11-21 11:28:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2022:8545 https://access.redhat.com/errata/RHSA-2022:8545
Comment 4 errata-xmlrpc 2022-11-21 11:31:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:8547 https://access.redhat.com/errata/RHSA-2022:8547
Comment 5 errata-xmlrpc 2022-11-21 12:29:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2022:8548 https://access.redhat.com/errata/RHSA-2022:8548
Comment 6 errata-xmlrpc 2022-11-21 12:34:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2022:8550 https://access.redhat.com/errata/RHSA-2022:8550
Comment 7 errata-xmlrpc 2022-11-21 12:36:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:8549 https://access.redhat.com/errata/RHSA-2022:8549
Comment 8 errata-xmlrpc 2022-11-21 12:41:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:8553 https://access.redhat.com/errata/RHSA-2022:8553
Comment 9 errata-xmlrpc 2022-11-21 12:46:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:8552 https://access.redhat.com/errata/RHSA-2022:8552
Comment 10 errata-xmlrpc 2022-11-21 12:48:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:8554 https://access.redhat.com/errata/RHSA-2022:8554
Comment 11 errata-xmlrpc 2022-11-21 12:50:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:8556 https://access.redhat.com/errata/RHSA-2022:8556
Comment 12 errata-xmlrpc 2022-11-21 12:53:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:8555 https://access.redhat.com/errata/RHSA-2022:8555
Comment 13 errata-xmlrpc 2022-11-21 16:19:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8561 https://access.redhat.com/errata/RHSA-2022:8561
Comment 14 errata-xmlrpc 2022-11-22 13:33:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8580 https://access.redhat.com/errata/RHSA-2022:8580
Comment 15 errata-xmlrpc 2022-12-13 16:07:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2022:8979 https://access.redhat.com/errata/RHSA-2022:8979
Comment 16 errata-xmlrpc 2022-12-13 16:07:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2022:8980 https://access.redhat.com/errata/RHSA-2022:8980
Comment 17 Product Security DevOps Team 2022-12-14 18:18:32 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-45409
Note You need to log in before you can comment on or make changes to this bug.