Bug 2120695 (CVE-2022-38477) - CVE-2022-38477 Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
Summary: CVE-2022-38477 Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox E...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-38477
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2119731 2119732 2119733 2119734 2119735 2119736 2119737 2119738 2119739 2119740 2119745 2119746 2119747 2119748 2119749 2119750 2119751 2119752 2119753 2119754
Blocks: 2119729
Reported: 2022-08-23 14:45 UTC by Mauro Matteo Cascella
Modified: 2023-01-04 21:38 UTC

Fixed In Version: firefox 102.2
Doc Type: ---
Doc Text:
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue as follows: Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed: 2022-09-02 21:55:46 UTC
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2022:6164 | 0 | None | None | None | 2022-08-24 19:01:47 UTC
Red Hat Product Errata | RHSA-2022:6165 | 0 | None | None | None | 2022-08-24 17:15:34 UTC
Red Hat Product Errata | RHSA-2022:6166 | 0 | None | None | None | 2022-08-24 17:21:07 UTC
Red Hat Product Errata | RHSA-2022:6167 | 0 | None | None | None | 2022-08-24 17:38:52 UTC
Red Hat Product Errata | RHSA-2022:6168 | 0 | None | None | None | 2022-08-24 17:38:07 UTC
Red Hat Product Errata | RHSA-2022:6169 | 0 | None | None | None | 2022-08-24 21:38:13 UTC
Red Hat Product Errata | RHSA-2022:6174 | 0 | None | None | None | 2022-08-24 18:45:29 UTC
Red Hat Product Errata | RHSA-2022:6175 | 0 | None | None | None | 2022-08-24 19:02:17 UTC
Red Hat Product Errata | RHSA-2022:6176 | 0 | None | None | None | 2022-08-24 18:30:53 UTC
Red Hat Product Errata | RHSA-2022:6177 | 0 | None | None | None | 2022-08-24 19:08:53 UTC
Red Hat Product Errata | RHSA-2022:6178 | 0 | None | None | None | 2022-08-24 18:42:17 UTC
Red Hat Product Errata | RHSA-2022:6179 | 0 | None | None | None | 2022-08-24 21:38:48 UTC

Description Mauro Matteo Cascella 2022-08-23 14:45:04 UTC
Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-34/#CVE-2022-38477

Comment 1 errata-xmlrpc 2022-08-24 17:15:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:6165 https://access.redhat.com/errata/RHSA-2022:6165

Comment 2 errata-xmlrpc 2022-08-24 17:21:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:6166 https://access.redhat.com/errata/RHSA-2022:6166

Comment 3 errata-xmlrpc 2022-08-24 17:38:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:6168 https://access.redhat.com/errata/RHSA-2022:6168

Comment 4 errata-xmlrpc 2022-08-24 17:38:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:6167 https://access.redhat.com/errata/RHSA-2022:6167

Comment 5 errata-xmlrpc 2022-08-24 18:30:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:6176 https://access.redhat.com/errata/RHSA-2022:6176

Comment 6 errata-xmlrpc 2022-08-24 18:42:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:6178 https://access.redhat.com/errata/RHSA-2022:6178

Comment 7 errata-xmlrpc 2022-08-24 18:45:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:6174 https://access.redhat.com/errata/RHSA-2022:6174

Comment 8 errata-xmlrpc 2022-08-24 19:01:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:6164 https://access.redhat.com/errata/RHSA-2022:6164

Comment 9 errata-xmlrpc 2022-08-24 19:02:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:6175 https://access.redhat.com/errata/RHSA-2022:6175

Comment 10 errata-xmlrpc 2022-08-24 19:08:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:6177 https://access.redhat.com/errata/RHSA-2022:6177

Comment 11 errata-xmlrpc 2022-08-24 21:38:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:6169 https://access.redhat.com/errata/RHSA-2022:6169

Comment 12 errata-xmlrpc 2022-08-24 21:38:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:6179 https://access.redhat.com/errata/RHSA-2022:6179

Comment 13 Product Security DevOps Team 2022-09-02 21:55:45 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-38477

