Bug 2092026 (CVE-2022-31747) - CVE-2022-31747 Mozilla: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10
Summary: CVE-2022-31747 Mozilla: Memory safety bugs fixed in Firefox 101 and Firefox E...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-31747
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2089648 2089649 2089650 2089651 2089652 2089653 2089654 2089655 2089656 2089665 2089666 2089667 2089669 2089670 2089671 2089672 2089673 2089674 2091924 2091925
Blocks: 2089646
TreeView+ depends on / blocked
 
Reported: 2022-05-31 14:45 UTC by Mauro Matteo Cascella
Modified: 2023-01-10 11:20 UTC (History)
5 users (show)

Fixed In Version: firefox 91.10, thunderbird 91.10
Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed: 2022-06-03 20:32:00 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:4870 0 None None None 2022-06-01 20:22:40 UTC
Red Hat Product Errata RHSA-2022:4871 0 None None None 2022-06-01 22:18:37 UTC
Red Hat Product Errata RHSA-2022:4872 0 None None None 2022-06-01 21:55:11 UTC
Red Hat Product Errata RHSA-2022:4873 0 None None None 2022-06-01 21:51:54 UTC
Red Hat Product Errata RHSA-2022:4875 0 None None None 2022-06-01 21:05:34 UTC
Red Hat Product Errata RHSA-2022:4876 0 None None None 2022-06-01 21:04:17 UTC
Red Hat Product Errata RHSA-2022:4887 0 None None None 2022-06-03 12:45:48 UTC
Red Hat Product Errata RHSA-2022:4888 0 None None None 2022-06-03 12:22:12 UTC
Red Hat Product Errata RHSA-2022:4889 0 None None None 2022-06-02 23:46:54 UTC
Red Hat Product Errata RHSA-2022:4890 0 None None None 2022-06-03 15:36:04 UTC
Red Hat Product Errata RHSA-2022:4891 0 None None None 2022-06-03 01:48:00 UTC
Red Hat Product Errata RHSA-2022:4892 0 None None None 2022-06-03 15:25:13 UTC

Description Mauro Matteo Cascella 2022-05-31 14:45:04 UTC 
Mozilla developers and community members reported memory safety bugs present in Firefox 100 and Firefox ESR 91.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31747
Comment 1 errata-xmlrpc 2022-06-01 20:22:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:4870 https://access.redhat.com/errata/RHSA-2022:4870
Comment 2 errata-xmlrpc 2022-06-01 21:04:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:4876 https://access.redhat.com/errata/RHSA-2022:4876
Comment 3 errata-xmlrpc 2022-06-01 21:05:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:4875 https://access.redhat.com/errata/RHSA-2022:4875
Comment 4 errata-xmlrpc 2022-06-01 21:51:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:4873 https://access.redhat.com/errata/RHSA-2022:4873
Comment 5 errata-xmlrpc 2022-06-01 21:55:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:4872 https://access.redhat.com/errata/RHSA-2022:4872
Comment 6 errata-xmlrpc 2022-06-01 22:18:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:4871 https://access.redhat.com/errata/RHSA-2022:4871
Comment 7 errata-xmlrpc 2022-06-02 23:46:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:4889 https://access.redhat.com/errata/RHSA-2022:4889
Comment 8 errata-xmlrpc 2022-06-03 01:47:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:4891 https://access.redhat.com/errata/RHSA-2022:4891
Comment 9 errata-xmlrpc 2022-06-03 12:22:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:4888 https://access.redhat.com/errata/RHSA-2022:4888
Comment 10 errata-xmlrpc 2022-06-03 12:45:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:4887 https://access.redhat.com/errata/RHSA-2022:4887
Comment 11 errata-xmlrpc 2022-06-03 15:25:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:4892 https://access.redhat.com/errata/RHSA-2022:4892
Comment 12 errata-xmlrpc 2022-06-03 15:36:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:4890 https://access.redhat.com/errata/RHSA-2022:4890
Comment 13 Product Security DevOps Team 2022-06-03 20:31:58 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-31747
Note You need to log in before you can comment on or make changes to this bug.