CVE-2022-42930
Published 2022-12-22
Priority P4 · 31 · high · 7.1 · CVSS 3.1
Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.39% (31.1th percentile)
If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 106.0-1 (sid) | firefox 106.0-1 (sid) |
| mozilla | firefox | < 106.0 | 106.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 106.0.2+build1-0ubuntu0.18.04.1 | 106.0.2+build1-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 106.0.5+build1-0ubuntu0.18.04.1 | 106.0.5+build1-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 106.0.2+build1-0ubuntu0.20.04.1 | 106.0.2+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= 0 < 106.0.5+build1-0ubuntu0.20.04.1 | 106.0.5+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 106 | 106 |
| mozilla | thunderbird | >= 0 < 1:102.4.2+build2-0ubuntu0.20.04.1 | 1:102.4.2+build2-0ubuntu0.20.04.1 |
| mozilla | thunderbird | >= 0 < 1:102.4.2+build2-0ubuntu0.22.04.1 | 1:102.4.2+build2-0ubuntu0.22.04.1 |
CVSS provenance
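| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| osv | | 8.1 | HIGH | |
| vendor_ubuntu | | 8.1 | HIGH | |
| vendor_debian | | 7.1 | HIGH | |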
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2022-11-10·CVSS 8.1
[HIGH] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: USN-5709-1 introduced minor regressions in Firefox
USN-5709-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2022-42927,
CVE-2022-42928, CVE-2022-42929, CVE-2022-42930, CVE-2022-42932)
It was discovered that Firefox saved usernames to a plaintext file. A
local user could potentially exploit this to obtain sensitive information.
(CVE-2022-42931)
Instruc
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2022-11-01·CVSS 8.1
CVE-2022-42927 [HIGH] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2022-42927,
CVE-2022-42928, CVE-2022-42929, CVE-2022-42930, CVE-2022-42932)
It was discovered that Firefox saved usernames to a plaintext file. A
local user could potentially exploit this to obtain sensitive information.
(CVE-2022-42931)
Instructions: After a standard system update you need to restart Firefox to make
all the necessary changes.
Debian
CVE-2022-42930: firefox - If two Workers were simultaneously initializing their CacheStorage, a data race ...
vendor_debian·2022·CVSS 7.1
CVE-2022-42930 [HIGH] CVE-2022-42930: firefox - If two Workers were simultaneously initializing their CacheStorage, a data race ...
If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106.
Scope: local
sid: resolved (fixed in 106.0-1)
Mozilla
Mozilla Foundation Security Advisory 2022-44: CVE-2022-42930
vendor_mozilla·CVSS 7.1
CVE-2022-42930 [HIGH] Mozilla Foundation Security Advisory 2022-44: CVE-2022-42930
Mozilla Foundation Security Advisory 2022-44
CVE: CVE-2022-42930
Product: Firefox
Impact: moderate
Fixed in: Firefox 106
GHSA
GHSA-737f-pfm5-cmq6: If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the ThirdPartyUtil component
ghsa_unreviewed·2022-12-22
CVE-2022-42930 [HIGH] CWE-362 GHSA-737f-pfm5-cmq6: If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the ThirdPartyUtil component
If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the ThirdPartyUtil component. This vulnerability affects Firefox < 106.
OSV
firefox vulnerabilities
osv·2022-11-10·CVSS 8.1
CVE-2022-42927 [HIGH] firefox vulnerabilities
firefox vulnerabilities
USN-5709-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2022-42927,
CVE-2022-42928, CVE-2022-42929, CVE-2022-42930, CVE-2022-42932)
It was discovered that Firefox saved usernames to a plaintext file. A
local user could potentially exploit this to obtain sensitive information.
(CVE-2022-42931)
OSV
firefox vulnerabilities
osv·2022-11-01·CVSS 8.1
CVE-2022-42927 [HIGH] firefox vulnerabilities
firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2022-42927,
CVE-2022-42928, CVE-2022-42929, CVE-2022-42930, CVE-2022-42932)
It was discovered that Firefox saved usernames to a plaintext file. A
local user could potentially exploit this to obtain sensitive information.
(CVE-2022-42931)
OSV
CVE-2022-42930: If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component
osv·2022-10-27·CVSS 7.1
CVE-2022-42930 [HIGH] CVE-2022-42930: If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component
If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.