Bug 2081473 (CVE-2022-29917) - CVE-2022-29917 Mozilla: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
Summary: CVE-2022-29917 Mozilla: Memory safety bugs fixed in Firefox 100 and Firefox E...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-29917
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2078959 2078960 2078961 2078962 2078963 2078964 2078965 2078966 2078967 2078987 2079747 2079748 2079749 2079750 2079751 2079752 2079753 2079754 2079755
Blocks: 2078957
TreeView+ depends on / blocked
 
Reported: 2022-05-03 20:22 UTC by Mauro Matteo Cascella
Modified: 2023-01-10 11:17 UTC (History)
5 users (show)

Fixed In Version: firefox 91.9, thunderbird 91.9
Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed: 2022-05-18 05:15:10 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:1701 0 None None None 2022-05-04 11:16:46 UTC
Red Hat Product Errata RHSA-2022:1702 0 None None None 2022-05-04 11:50:06 UTC
Red Hat Product Errata RHSA-2022:1703 0 None None None 2022-05-04 11:59:25 UTC
Red Hat Product Errata RHSA-2022:1704 0 None None None 2022-05-04 11:21:41 UTC
Red Hat Product Errata RHSA-2022:1705 0 None None None 2022-05-04 11:24:32 UTC
Red Hat Product Errata RHSA-2022:1724 0 None None None 2022-05-05 13:32:22 UTC
Red Hat Product Errata RHSA-2022:1725 0 None None None 2022-05-05 14:32:11 UTC
Red Hat Product Errata RHSA-2022:1726 0 None None None 2022-05-05 13:59:46 UTC
Red Hat Product Errata RHSA-2022:1727 0 None None None 2022-05-05 13:48:15 UTC
Red Hat Product Errata RHSA-2022:1730 0 None None None 2022-05-05 14:03:06 UTC
Red Hat Product Errata RHSA-2022:4589 0 None None None 2022-05-18 01:27:33 UTC
Red Hat Product Errata RHSA-2022:4590 0 None None None 2022-05-18 01:27:05 UTC

Description Mauro Matteo Cascella 2022-05-03 20:22:00 UTC
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29917

Comment 1 errata-xmlrpc 2022-05-04 11:16:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:1701 https://access.redhat.com/errata/RHSA-2022:1701

Comment 2 errata-xmlrpc 2022-05-04 11:21:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:1704 https://access.redhat.com/errata/RHSA-2022:1704

Comment 3 errata-xmlrpc 2022-05-04 11:24:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1705 https://access.redhat.com/errata/RHSA-2022:1705

Comment 4 errata-xmlrpc 2022-05-04 11:50:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:1702 https://access.redhat.com/errata/RHSA-2022:1702

Comment 5 errata-xmlrpc 2022-05-04 11:59:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:1703 https://access.redhat.com/errata/RHSA-2022:1703

Comment 6 errata-xmlrpc 2022-05-05 13:32:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:1724 https://access.redhat.com/errata/RHSA-2022:1724

Comment 7 errata-xmlrpc 2022-05-05 13:48:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:1727 https://access.redhat.com/errata/RHSA-2022:1727

Comment 8 errata-xmlrpc 2022-05-05 13:59:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:1726 https://access.redhat.com/errata/RHSA-2022:1726

Comment 9 errata-xmlrpc 2022-05-05 14:03:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1730 https://access.redhat.com/errata/RHSA-2022:1730

Comment 10 errata-xmlrpc 2022-05-05 14:32:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:1725 https://access.redhat.com/errata/RHSA-2022:1725

Comment 11 errata-xmlrpc 2022-05-18 01:27:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:4590 https://access.redhat.com/errata/RHSA-2022:4590

Comment 12 errata-xmlrpc 2022-05-18 01:27:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:4589 https://access.redhat.com/errata/RHSA-2022:4589

Comment 13 Product Security DevOps Team 2022-05-18 05:15:08 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-29917


Note You need to log in before you can comment on or make changes to this bug.