2153454 – (CVE-2022-46878) CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6

Bug 2153454 (CVE-2022-46878) - CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6

Summary: CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thu...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2022-46878
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2151151 2151152 2151153 2151154 2151155 2151156 2151157 2151158 2151159 2151160 2151161 2151176 2151177 2151178 2151179 2151180 2151181 2151182 2151183 2151184 2151185 2151186
Blocks:	2151149
TreeView+	depends on / blocked

Reported:	2022-12-14 15:58 UTC by Mauro Matteo Cascella
Modified:	2023-01-30 09:06 UTC (History)
CC List:	5 users (show)
Fixed In Version:	firefox 102.6, thunderbird 102.6
Doc Type:	---
Doc Text:	The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107 and Firefox ESR 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed:	2022-12-16 12:48:01 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2022:9065	None	None	None	2022-12-15 15:43:16 UTC
Red Hat Product Errata	RHSA-2022:9066	None	None	None	2022-12-15 15:42:55 UTC
Red Hat Product Errata	RHSA-2022:9067	None	None	None	2022-12-15 15:52:16 UTC
Red Hat Product Errata	RHSA-2022:9068	None	None	None	2022-12-15 15:52:41 UTC
Red Hat Product Errata	RHSA-2022:9069	None	None	None	2022-12-15 16:05:20 UTC
Red Hat Product Errata	RHSA-2022:9070	None	None	None	2022-12-15 16:05:40 UTC
Red Hat Product Errata	RHSA-2022:9071	None	None	None	2022-12-15 16:04:35 UTC
Red Hat Product Errata	RHSA-2022:9072	None	None	None	2022-12-15 16:14:47 UTC
Red Hat Product Errata	RHSA-2022:9074	None	None	None	2022-12-15 16:27:54 UTC
Red Hat Product Errata	RHSA-2022:9075	None	None	None	2022-12-15 16:18:01 UTC
Red Hat Product Errata	RHSA-2022:9076	None	None	None	2022-12-15 16:18:33 UTC
Red Hat Product Errata	RHSA-2022:9077	None	None	None	2022-12-15 16:15:59 UTC
Red Hat Product Errata	RHSA-2022:9078	None	None	None	2022-12-15 16:25:30 UTC
Red Hat Product Errata	RHSA-2022:9079	None	None	None	2022-12-15 16:28:19 UTC
Red Hat Product Errata	RHSA-2022:9080	None	None	None	2022-12-15 16:24:22 UTC
Red Hat Product Errata	RHSA-2022:9081	None	None	None	2022-12-15 16:27:26 UTC

Description Mauro Matteo Cascella 2022-12-14 15:58:33 UTC

Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107 and Firefox ESR 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46878

Comment 1 errata-xmlrpc 2022-12-15 15:42:53 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2022:9066 https://access.redhat.com/errata/RHSA-2022:9066

Comment 2 errata-xmlrpc 2022-12-15 15:43:15 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:9065 https://access.redhat.com/errata/RHSA-2022:9065

Comment 3 errata-xmlrpc 2022-12-15 15:52:15 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:9067 https://access.redhat.com/errata/RHSA-2022:9067

Comment 4 errata-xmlrpc 2022-12-15 15:52:40 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2022:9068 https://access.redhat.com/errata/RHSA-2022:9068

Comment 5 errata-xmlrpc 2022-12-15 16:04:34 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:9071 https://access.redhat.com/errata/RHSA-2022:9071

Comment 6 errata-xmlrpc 2022-12-15 16:05:19 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:9069 https://access.redhat.com/errata/RHSA-2022:9069

Comment 7 errata-xmlrpc 2022-12-15 16:05:38 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2022:9070 https://access.redhat.com/errata/RHSA-2022:9070

Comment 8 errata-xmlrpc 2022-12-15 16:14:46 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:9072 https://access.redhat.com/errata/RHSA-2022:9072

Comment 9 errata-xmlrpc 2022-12-15 16:15:58 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:9077 https://access.redhat.com/errata/RHSA-2022:9077

Comment 10 errata-xmlrpc 2022-12-15 16:17:59 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:9075 https://access.redhat.com/errata/RHSA-2022:9075

Comment 11 errata-xmlrpc 2022-12-15 16:18:32 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2022:9076 https://access.redhat.com/errata/RHSA-2022:9076

Comment 12 errata-xmlrpc 2022-12-15 16:24:21 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:9080 https://access.redhat.com/errata/RHSA-2022:9080

Comment 13 errata-xmlrpc 2022-12-15 16:25:29 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2022:9078 https://access.redhat.com/errata/RHSA-2022:9078

Comment 14 errata-xmlrpc 2022-12-15 16:27:25 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2022:9081 https://access.redhat.com/errata/RHSA-2022:9081

Comment 15 errata-xmlrpc 2022-12-15 16:27:52 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:9074 https://access.redhat.com/errata/RHSA-2022:9074

Comment 16 errata-xmlrpc 2022-12-15 16:28:18 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:9079 https://access.redhat.com/errata/RHSA-2022:9079

Comment 17 Product Security DevOps Team 2022-12-16 12:47:59 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-46878

Note You need to log in before you can comment on or make changes to this bug.