CVE-2022-34470 — Use After Free in Mozilla Firefox

CWE-416 — Use After Free13 documents8 sources

Severity

9.8CRITICALNVD

OSV8.8OSV6.5

EPSS

0.6%

top 29.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedDec 22

Description

Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages9 packages

▶CVEListV5mozilla/firefoxunspecified — 102

▶NVDmozilla/firefox< 102.0

▶CVEListV5mozilla/firefox_esrunspecified — 91.11

▶CVEListV5mozilla/thunderbirdunspecified — 102+1

▶NVDmozilla/firefox_esr< 91.11

🔴Vulnerability Details

CVEList

CVE-2022-34470: Session history navigations may have led to a use-after-free and potentially exploitable crash↗2022-12-22

▶

GHSA

GHSA-cvcg-29j6-c4g8: Session history navigations may have led to a use-after-free and potentially exploitable crash↗2022-12-22

▶

OSV

CVE-2022-34470: Session history navigations may have led to a use-after-free and potentially exploitable crash↗2022-12-22

▶

OSV

thunderbird vulnerabilities↗2022-07-14

▶

OSV

firefox vulnerabilities↗2022-07-05

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2022-07-14

▶

Ubuntu

Firefox vulnerabilities↗2022-07-05

▶

Red Hat

Mozilla: Use-after-free in nsSHistory↗2022-06-28

▶

Debian

CVE-2022-34470: firefox - Session history navigations may have led to a use-after-free and potentially exp...↗2022

▶

Mozilla

Mozilla Foundation Security Advisory 2022-25: CVE-2022-34470↗

▶