CVE-2022-45409Use After Free in Mozilla Firefox

CWE-416Use After Free13 documents8 sources
Severity
8.8HIGHNVD
OSV8.1OSV6.5
EPSS
0.3%
top 50.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedDec 22
Latest updateFeb 6

Description

The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

CVEListV5mozilla/firefoxunspecified107
NVDmozilla/firefox< 107.0
CVEListV5mozilla/firefox_esrunspecified102.5
NVDmozilla/firefox_esr< 102.5
Ubuntumozilla/firefox< 107.0+build2-0ubuntu0.18.04.1+1

🔴Vulnerability Details

5
OSV
thunderbird vulnerabilities2023-02-06
CVEList
CVE-2022-45409: The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called, leading to a use-a2022-12-22
GHSA
GHSA-9p3c-x5jh-9p27: The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called, leading to a use-a2022-12-22
OSV
CVE-2022-45409: The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called, leading to a use-a2022-12-22
OSV
firefox vulnerabilities2022-11-16

📋Vendor Advisories

7
Ubuntu
Thunderbird vulnerabilities2023-02-06
Ubuntu
Firefox vulnerabilities2022-11-16
Red Hat
Mozilla: Use-after-free in Garbage Collection2022-11-15
Debian
CVE-2022-45409: firefox - The garbage collector could have been aborted in several states and zones and <c...2022
Mozilla
Mozilla Foundation Security Advisory 2022-49: CVE-2022-45409
CVE-2022-45409 — Use After Free in Mozilla Firefox | cvebase