Bug 2053243 (CVE-2022-22764) - CVE-2022-22764 Mozilla: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
Summary: CVE-2022-22764 Mozilla: Memory safety bugs fixed in Firefox 97 and Firefox ES...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-22764
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2051916 2051917 2051918 2051919 2051920 2051921 2051922 2051926 2051927 2051928 2051929 2051930 2051931 2051932 2053036
Blocks: 2051914
TreeView+ depends on / blocked
 
Reported: 2022-02-10 18:44 UTC by Tomas Hoger
Modified: 2023-01-30 09:22 UTC (History)
5 users (show)

Fixed In Version: firefox 91.6
Doc Type: If docs needed, set a value
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption, some of which could have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed: 2022-02-14 10:47:42 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:0510 0 None None None 2022-02-14 08:51:09 UTC
Red Hat Product Errata RHSA-2022:0511 0 None None None 2022-02-14 08:46:36 UTC
Red Hat Product Errata RHSA-2022:0512 0 None None None 2022-02-14 08:43:03 UTC
Red Hat Product Errata RHSA-2022:0513 0 None None None 2022-02-14 08:30:13 UTC
Red Hat Product Errata RHSA-2022:0514 0 None None None 2022-02-14 09:07:26 UTC
Red Hat Product Errata RHSA-2022:0535 0 None None None 2022-02-15 10:32:39 UTC
Red Hat Product Errata RHSA-2022:0536 0 None None None 2022-02-15 10:36:40 UTC
Red Hat Product Errata RHSA-2022:0537 0 None None None 2022-02-15 10:34:09 UTC
Red Hat Product Errata RHSA-2022:0538 0 None None None 2022-02-15 10:50:41 UTC
Red Hat Product Errata RHSA-2022:0539 0 None None None 2022-02-15 10:18:13 UTC

Description Tomas Hoger 2022-02-10 18:44:49 UTC
Mozilla developers and community members reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22764

Comment 1 errata-xmlrpc 2022-02-14 08:30:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:0513 https://access.redhat.com/errata/RHSA-2022:0513

Comment 2 errata-xmlrpc 2022-02-14 08:43:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0512 https://access.redhat.com/errata/RHSA-2022:0512

Comment 3 errata-xmlrpc 2022-02-14 08:46:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0511 https://access.redhat.com/errata/RHSA-2022:0511

Comment 4 errata-xmlrpc 2022-02-14 08:51:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0510 https://access.redhat.com/errata/RHSA-2022:0510

Comment 5 errata-xmlrpc 2022-02-14 09:07:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:0514 https://access.redhat.com/errata/RHSA-2022:0514

Comment 6 Product Security DevOps Team 2022-02-14 10:47:39 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-22764

Comment 7 errata-xmlrpc 2022-02-15 10:18:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:0539 https://access.redhat.com/errata/RHSA-2022:0539

Comment 8 errata-xmlrpc 2022-02-15 10:32:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0535 https://access.redhat.com/errata/RHSA-2022:0535

Comment 9 errata-xmlrpc 2022-02-15 10:34:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0537 https://access.redhat.com/errata/RHSA-2022:0537

Comment 10 errata-xmlrpc 2022-02-15 10:36:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0536 https://access.redhat.com/errata/RHSA-2022:0536

Comment 11 errata-xmlrpc 2022-02-15 10:50:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:0538 https://access.redhat.com/errata/RHSA-2022:0538


Note You need to log in before you can comment on or make changes to this bug.