CVE-2022-31737 — Out-of-bounds Write in Mozilla Firefox

CWE-787 — Out-of-bounds Write CWE-120 — Classic Buffer Overflow12 documents8 sources

Severity

9.8CRITICALNVD

OSV6.5

EPSS

0.4%

top 39.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedDec 22

Description

A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

▶CVEListV5mozilla/firefoxunspecified — 101

▶NVDmozilla/firefox< 101

▶CVEListV5mozilla/firefox_esrunspecified — 91.10

▶NVDmozilla/firefox_esr< 91.10

▶CVEListV5mozilla/thunderbirdunspecified — 91.10

🔴Vulnerability Details

GHSA

GHSA-h74h-w4r7-rp9x: A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash↗2022-12-22

▶

OSV

CVE-2022-31737: A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash↗2022-12-22

▶

CVEList

CVE-2022-31737: A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash↗2022-12-22

▶

OSV

thunderbird vulnerabilities↗2022-07-14

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2022-07-14

▶

Ubuntu

Firefox vulnerabilities↗2022-06-13

▶

Red Hat

Mozilla: Heap buffer overflow in WebGL↗2022-05-31

▶

Debian

CVE-2022-31737: firefox - A malicious webpage could have caused an out-of-bounds write in WebGL, leading t...↗2022

▶

Mozilla

Mozilla Foundation Security Advisory 2022-22: CVE-2022-31737↗

▶