CVE-2022-28287 — Improper Control of a Resource Through its Lifetime in Mozilla Firefox

CWE-664 — Improper Control of a Resource Through its Lifetime7 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 42.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedDec 22

Description

In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability affects Firefox < 99.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/firefox< firefox 99.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 99

▶NVDmozilla/firefox< 99.0

▶Ubuntumozilla/firefox< 99.0+build2-0ubuntu0.18.04.2+2

▶mozillamozilla/firefox

🔴Vulnerability Details

GHSA

GHSA-qffr-cvph-655f: In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash↗2022-12-22

▶

OSV

firefox vulnerabilities↗2022-04-07

▶

OSV

CVE-2022-28287: In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash↗2022-04-07

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2022-04-07

▶

Debian

CVE-2022-28287: firefox - In unusual circumstances, selecting text could cause text selection caching to b...↗2022

▶

Mozilla

Mozilla Foundation Security Advisory 2022-13: CVE-2022-28287↗

▶