CVE-2022-40957 — Improper Handling of Inconsistent Structural Elements in Mozilla Firefox

CWE-240 — Improper Handling of Inconsistent Structural Elements12 documents8 sources

Severity

6.5MEDIUMNVD

OSV5.5

EPSS

0.2%

top 61.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedDec 22

Description

Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages8 packages

▶CVEListV5mozilla/firefoxunspecified — 105

▶NVDmozilla/firefox< 105.0

▶CVEListV5mozilla/firefox_esrunspecified — 102.3

▶NVDmozilla/firefox_esr< 102.3

▶CVEListV5mozilla/thunderbirdunspecified — 102.3

🔴Vulnerability Details

GHSA

GHSA-4c5j-gp4q-69vc: Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash↗2022-12-22

▶

CVEList

CVE-2022-40957: Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash↗2022-12-22

▶

OSV

CVE-2022-40957: Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash↗2022-12-22

▶

OSV

thunderbird vulnerabilities↗2022-11-11

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2022-11-11

▶

Ubuntu

Firefox vulnerabilities↗2022-09-30

▶

Red Hat

Mozilla: Incoherent instruction cache when building WASM on ARM64↗2022-09-20

▶

Debian

CVE-2022-40957: firefox - Inconsistent data in instruction and data cache when creating wasm code could le...↗2022

▶

Mozilla

Mozilla Foundation Security Advisory 2022-40: CVE-2022-40957↗

▶