CVE-2022-22742 — Out-of-bounds Read in Mozilla Firefox

CWE-125 — Out-of-bounds Read CWE-120 — Classic Buffer Overflow13 documents8 sources

Severity

6.5MEDIUMNVD

OSV8.8

EPSS

0.3%

top 45.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedDec 22

Description

When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages8 packages

▶CVEListV5mozilla/firefoxunspecified — 96

▶NVDmozilla/firefox< 96.0

▶CVEListV5mozilla/firefox_esrunspecified — 91.5

▶NVDmozilla/firefox_esr< 91.5

▶CVEListV5mozilla/thunderbirdunspecified — 91.5

🔴Vulnerability Details

GHSA

GHSA-55r4-xqfm-9443: When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash↗2022-12-22

▶

CVEList

CVE-2022-22742: When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash↗2022-12-22

▶

OSV

CVE-2022-22742: When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash↗2022-12-22

▶

OSV

thunderbird vulnerabilities↗2022-01-21

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2022-01-21

▶

Ubuntu

Thunderbird vulnerabilities↗2022-01-21

▶

Ubuntu

Firefox vulnerabilities↗2022-01-13

▶

Red Hat

Mozilla: Out-of-bounds memory access when inserting text in edit mode↗2022-01-11

▶

Debian

CVE-2022-22742: firefox - When inserting text while in edit mode, some characters might have lead to out-o...↗2022

▶