CVE-2022-26385
published 2022-12-22
CVE-2022-26385: In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially…
Priority P427 · medium · 6.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 0.55% (42.2th percentile)
In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 98.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 98.0-1 (sid) | firefox 98.0-1 (sid) |
| mozilla | firefox | < 98.0 | 98.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 98.0.1+build2-0ubuntu0.18.04.1 | 98.0.1+build2-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 98.0+build3-0ubuntu0.18.04.2 | 98.0+build3-0ubuntu0.18.04.2 |
| mozilla | firefox | >= 0 < 98.0.2+build1-0ubuntu0.18.04.1 | 98.0.2+build1-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 98.0.1+build2-0ubuntu0.20.04.1 | 98.0.1+build2-0ubuntu0.20.04.1 |
| mozilla | firefox | >= 0 < 98.0+build3-0ubuntu0.20.04.2 | 98.0+build3-0ubuntu0.20.04.2 |
| mozilla | firefox | >= 0 < 98.0.2+build1-0ubuntu0.20.04.1 | 98.0.2+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= 0 < 1:1snap1-0ubuntu1 | 1:1snap1-0ubuntu1 |
| mozilla | firefox | >= unspecified < 98 | 98 |
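CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| osv | — | 8.8 | HIGH | — |
| vendor_ubuntu | — | 8.8 | HIGH | — |
| vendor_debian | — | 6.5 | MEDIUM | — |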
Ubuntu
Firefox regressions
vendor_ubuntu·2022-03-24·CVSS 8.8
[HIGH] Firefox regressions
Title: Firefox regressions
Summary: USN-5321-1 introduced minor regressions in Firefox.
USN-5321-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the browser
UI, bypass security restrictions, obtain sensitive information, or execute
arbitrary code. (CVE-2022-0843, CVE-2022-26381, CVE-2022-26382,
CVE-2022-26383, CVE-2022-26384, CVE-2022-26385)
A TOCTOU bug was discovered when verifying addon signatures during
install. A local attacker could potentially exploit th
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2022-03-17·CVSS 8.8
CVE-2022-26382 [HIGH] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
USN-5321-1 fixed vulnerabilities in Firefox. The update didn't include
arm64 because of a regression. This update provides the corresponding
update for arm64.
This update also removes Yandex and Mail.ru as optional search providers
in the drop-down search menu.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the browser
UI, bypass security restrictions, obtain sensitive information, or execute
arbitrary code. (CVE-2022-0843, CVE-2022-26381, CVE-2022-26382,
CVE-2022-26383, CVE-20
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2022-03-10·CVSS 8.8
CVE-2022-26384 [HIGH] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the browser
UI, bypass security restrictions, obtain sensitive information, or execute
arbitrary code. (CVE-2022-0843, CVE-2022-26381, CVE-2022-26382,
CVE-2022-26383, CVE-2022-26384, CVE-2022-26385)
A TOCTOU bug was discovered when verifying addon signatures during
install. A local attacker could potentially exploit this to trick a
user into installing an addon with an invalid signature.
(CVE-2022-26387)
Instructions: After a standard system update you need t
Debian
CVE-2022-26385: firefox - In unusual circumstances, an individual thread may outlive the thread's manager ...
vendor_debian·2022·CVSS 6.5
CVE-2022-26385 [MEDIUM] CVE-2022-26385: firefox - In unusual circumstances, an individual thread may outlive the thread's manager ...
In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 98.
Scope: local
sid: resolved (fixed in 98.0-1)
Mozilla
Mozilla Foundation Security Advisory 2022-10: CVE-2022-26385
vendor_mozilla·CVSS 6.5
CVE-2022-26385 [MEDIUM] Mozilla Foundation Security Advisory 2022-10: CVE-2022-26385
Mozilla Foundation Security Advisory 2022-10
CVE: CVE-2022-26385
Product: Firefox
Impact: moderate
Fixed in: Firefox 98
GHSA
GHSA-pgf6-c8hm-r5j6: In unusual circumstances, an individual thread may outlive the thread's manager during shutdown
ghsa_unreviewed·2022-12-22
CVE-2022-26385 [MEDIUM] CWE-416 GHSA-pgf6-c8hm-r5j6: In unusual circumstances, an individual thread may outlive the thread's manager during shutdown
In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 98.
OSV
firefox regressions
osv·2022-03-24·CVSS 8.8
[HIGH] firefox regressions
firefox regressions
USN-5321-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the browser
UI, bypass security restrictions, obtain sensitive information, or execute
arbitrary code. (CVE-2022-0843, CVE-2022-26381, CVE-2022-26382,
CVE-2022-26383, CVE-2022-26384, CVE-2022-26385)
A TOCTOU bug was discovered when verifying addon signatures during
install. A local attacker could potentially exploit this to trick a
user into installing an addon with an invalid signature
OSV
firefox vulnerabilities
osv·2022-03-17·CVSS 8.8
[HIGH] firefox vulnerabilities
firefox vulnerabilities
USN-5321-1 fixed vulnerabilities in Firefox. The update didn't include
arm64 because of a regression. This update provides the corresponding
update for arm64.
This update also removes Yandex and Mail.ru as optional search providers
in the drop-down search menu.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the browser
UI, bypass security restrictions, obtain sensitive information, or execute
arbitrary code. (CVE-2022-0843, CVE-2022-26381, CVE-2022-26382,
CVE-2022-26383, CVE-2022-26384, CVE-2022-26385)
A TOCTOU bug was discovered when verifying addon signatures during
install. A local a
OSV
firefox vulnerabilities
osv·2022-03-10·CVSS 8.8
CVE-2022-0843 [HIGH] firefox vulnerabilities
firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the browser
UI, bypass security restrictions, obtain sensitive information, or execute
arbitrary code. (CVE-2022-0843, CVE-2022-26381, CVE-2022-26382,
CVE-2022-26383, CVE-2022-26384, CVE-2022-26385)
A TOCTOU bug was discovered when verifying addon signatures during
install. A local attacker could potentially exploit this to trick a
user into installing an addon with an invalid signature.
(CVE-2022-26387)
OSV
CVE-2022-26385: In unusual circumstances, an individual thread may outlive the thread's manager during shutdown
osv·2022-03-09·CVSS 6.5
CVE-2022-26385 [MEDIUM] CVE-2022-26385: In unusual circumstances, an individual thread may outlive the thread's manager during shutdown
In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 98.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-12-22