CVE-2022-34481Integer Overflow or Wraparound in Mozilla Firefox

CWE-190Integer Overflow or Wraparound13 documents8 sources
Severity
8.8HIGHNVD
OSV6.5
EPSS
0.2%
top 56.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedDec 22

Description

In the nsTArray_Impl::ReplaceElementsAt() function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

CVEListV5mozilla/firefoxunspecified102
NVDmozilla/firefox< 102.0
CVEListV5mozilla/firefox_esrunspecified91.11
CVEListV5mozilla/thunderbirdunspecified102+1
NVDmozilla/firefox_esr< 91.11

🔴Vulnerability Details

5
GHSA
GHSA-f82m-4qrp-29gx: In the nsTArray_Impl::ReplaceElementsAt() function, an integer overflow could have occurred when the number of elements to replace was too large for t2022-12-22
OSV
CVE-2022-34481: In the nsTArray_Impl::ReplaceElementsAt() function, an integer overflow could have occurred when the number of elements to replace was too large for t2022-12-22
CVEList
CVE-2022-34481: In the nsTArray_Impl::ReplaceElementsAt() function, an integer overflow could have occurred when the number of elements to replace was too large for t2022-12-22
OSV
thunderbird vulnerabilities2022-07-14
OSV
firefox vulnerabilities2022-07-05

📋Vendor Advisories

7
Ubuntu
Thunderbird vulnerabilities2022-07-14
Ubuntu
Firefox vulnerabilities2022-07-05
Red Hat
Mozilla: Potential integer overflow in ReplaceElementsAt2022-06-28
Debian
CVE-2022-34481: firefox - In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer over...2022
Mozilla
Mozilla Foundation Security Advisory 2022-26: CVE-2022-34481
CVE-2022-34481 — Integer Overflow or Wraparound | cvebase