CVE-2022-34480 — Access of Uninitialized Pointer in Mozilla Firefox

CWE-824 — Access of Uninitialized Pointer12 documents7 sources

Severity

8.8HIGHNVD

OSV6.5

EPSS

0.4%

top 36.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla NSS Mozilla Thunderbird +1 more

Timeline

PublishedDec 22

Latest updateFeb 15

Description

Within the lg_init() function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox < 102.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

▶debiandebian/firefox< firefox 102.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 102

▶NVDmozilla/firefox< 102.0

▶Ubuntumozilla/firefox< 102.0+build2-0ubuntu0.18.04.1+1

▶mozillamozilla/firefox

🔴Vulnerability Details

OSV

nss vulnerabilities↗2023-02-15

▶

GHSA

GHSA-gx64-jm35-rwvr: Within the lg_init() function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being a↗2022-12-22

▶

OSV

nss vulnerabilities↗2022-07-07

▶

OSV

firefox vulnerabilities↗2022-07-05

▶

OSV

CVE-2022-34480: Within the lg_init() function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being a↗2022-07-05

▶

📋Vendor Advisories

Ubuntu

NSS vulnerabilities↗2023-02-15

▶

Ubuntu

NSS vulnerabilities↗2022-07-07

▶

Ubuntu

Firefox vulnerabilities↗2022-07-05

▶

Red Hat

firefox: Free of uninitialized pointer in lg_init↗2022-06-28

▶

Debian

CVE-2022-34480: firefox - Within the <code>lg_init()</code> function, if several allocations succeed but t...↗2022

▶