Bug 2039574 (CVE-2022-22751) - CVE-2022-22751 Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
Summary: CVE-2022-22751 Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ES...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-22751
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2037104 2037105 2037106 2037107 2037108 2037109 2037110 2037111 2037149 2037150 2037151 2037152 2037153 2037154 2037155 2037156
Blocks: 2037102
TreeView+ depends on / blocked
 
Reported: 2022-01-12 00:14 UTC by Doran Moppert
Modified: 2023-01-30 09:10 UTC (History)
5 users (show)

Fixed In Version: firefox 91.5, thunderbird 91.5
Doc Type: If docs needed, set a value
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption, some of which could have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed: 2022-01-12 14:34:15 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:0123 0 None None None 2022-01-12 10:23:32 UTC
Red Hat Product Errata RHSA-2022:0124 0 None None None 2022-01-12 12:28:17 UTC
Red Hat Product Errata RHSA-2022:0125 0 None None None 2022-01-12 11:45:49 UTC
Red Hat Product Errata RHSA-2022:0126 0 None None None 2022-01-12 12:00:55 UTC
Red Hat Product Errata RHSA-2022:0127 0 None None None 2022-01-12 13:04:31 UTC
Red Hat Product Errata RHSA-2022:0128 0 None None None 2022-01-12 12:16:54 UTC
Red Hat Product Errata RHSA-2022:0129 0 None None None 2022-01-12 12:24:03 UTC
Red Hat Product Errata RHSA-2022:0130 0 None None None 2022-01-12 11:55:42 UTC
Red Hat Product Errata RHSA-2022:0131 0 None None None 2022-01-12 12:02:37 UTC
Red Hat Product Errata RHSA-2022:0132 0 None None None 2022-01-12 12:06:19 UTC

Description Doran Moppert 2022-01-12 00:14:36 UTC 
Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.



External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22751
Comment 1 errata-xmlrpc 2022-01-12 10:23:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0123 https://access.redhat.com/errata/RHSA-2022:0123
Comment 2 errata-xmlrpc 2022-01-12 11:45:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:0125 https://access.redhat.com/errata/RHSA-2022:0125
Comment 3 errata-xmlrpc 2022-01-12 11:55:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0130 https://access.redhat.com/errata/RHSA-2022:0130
Comment 4 errata-xmlrpc 2022-01-12 12:00:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0126 https://access.redhat.com/errata/RHSA-2022:0126
Comment 5 errata-xmlrpc 2022-01-12 12:02:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:0131 https://access.redhat.com/errata/RHSA-2022:0131
Comment 6 errata-xmlrpc 2022-01-12 12:06:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0132 https://access.redhat.com/errata/RHSA-2022:0132
Comment 7 errata-xmlrpc 2022-01-12 12:16:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0128 https://access.redhat.com/errata/RHSA-2022:0128
Comment 8 errata-xmlrpc 2022-01-12 12:24:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0129 https://access.redhat.com/errata/RHSA-2022:0129
Comment 9 errata-xmlrpc 2022-01-12 12:28:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:0124 https://access.redhat.com/errata/RHSA-2022:0124
Comment 10 errata-xmlrpc 2022-01-12 13:04:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:0127 https://access.redhat.com/errata/RHSA-2022:0127
Comment 11 Product Security DevOps Team 2022-01-12 14:34:13 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-22751
Note You need to log in before you can comment on or make changes to this bug.