CVE-2022-22763 — Race Condition in Mozilla Firefox

CWE-362 — Race Condition CWE-94 — Code Injection11 documents8 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 37.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedDec 22

Description

When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

▶CVEListV5mozilla/firefoxunspecified — 96

▶NVDmozilla/firefox< 96.0

▶CVEListV5mozilla/firefox_esrunspecified — 91.6

▶NVDmozilla/firefox_esr< 91.6

▶CVEListV5mozilla/thunderbirdunspecified — 91.6

🔴Vulnerability Details

CVEList

CVE-2022-22763: When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible↗2022-12-22

▶

OSV

CVE-2022-22763: When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible↗2022-12-22

▶

GHSA

GHSA-3fr2-34qf-c3pm: When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible↗2022-12-22

▶

OSV

thunderbird vulnerabilities↗2022-03-23

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2022-03-23

▶

Red Hat

Mozilla: Script Execution during invalid object state↗2022-02-08

▶

Debian

CVE-2022-22763: firefox-esr - When a worker is shutdown, it was possible to cause script to run late in the li...↗2022

▶

Mozilla

Mozilla Foundation Security Advisory 2022-05: CVE-2022-22763↗

▶

Mozilla

Mozilla Foundation Security Advisory 2022-06: CVE-2022-22763↗

▶