CVE-2022-22740 — Use After Free in Mozilla Firefox

CWE-416 — Use After Free13 documents8 sources

Severity

8.8HIGHNVD

EPSS

0.3%

top 49.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedDec 22

Description

Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

▶CVEListV5mozilla/firefoxunspecified — 96

▶NVDmozilla/firefox< 96.0

▶CVEListV5mozilla/firefox_esrunspecified — 91.5

▶NVDmozilla/firefox_esr< 91.5

▶CVEListV5mozilla/thunderbirdunspecified — 91.5

🔴Vulnerability Details

OSV

CVE-2022-22740: Certain network request objects were freed too early when releasing a network request handle↗2022-12-22

▶

CVEList

CVE-2022-22740: Certain network request objects were freed too early when releasing a network request handle↗2022-12-22

▶

GHSA

GHSA-5hrv-4r6h-jgxc: Certain network request objects were freed too early when releasing a network request handle↗2022-12-22

▶

OSV

thunderbird vulnerabilities↗2022-01-21

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2022-01-21

▶

Ubuntu

Thunderbird vulnerabilities↗2022-01-21

▶

Ubuntu

Firefox vulnerabilities↗2022-01-13

▶

Red Hat

Mozilla: Use-after-free of ChannelEventQueue::mOwner↗2022-01-11

▶

Debian

CVE-2022-22740: firefox - Certain network request objects were freed too early when releasing a network re...↗2022

▶