CVE-2022-1097 — Use After Free in Mozilla Firefox
Severity
6.5 MEDIUM (NVD)
EPSS
0.3%
top 50.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Dec 22
Description
NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6
Affected Packages: 9 packages
Patches
🔴 Vulnerability Details (6)
OSV
CVE-2022-1097: NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free an... (2022-12-22)
CVEList
CVE-2022-1097: NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free an... (2022-12-22)
GHSA
GHSA-5hr7-vh78-qh58: NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free an... (2022-12-22)
📋 Vendor Advisories (7)
Debian
CVE-2022-1097: firefox - NSSToken objects were referenced via direct points, and could have ... (2022)