The vulnerabilities of Firefox browsers, Firefox ESR, and the email client Thunderbird, related to errors during initialization of variables, allow attackers to trigger a service failure.

🗓️ 18 Jul 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru

Vulnerabilities in Firefox, Firefox ESR, Thunderbird cause interruptions from initialization errors.

Reporter	Title	Published	Views	Family All 217
ALT Linux	Security fix for the ALT Linux 10 package thunderbird version 91.10.0-alt1	3 Jun 202200:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package firefox-esr version 91.10.0-alt1	3 Jun 202200:00	–	altlinux
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud Pak for Multicloud Management Monitoring.	31 Jan 202314:47	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 102.2ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 - 2022.4.0	15 Nov 202205:24	–	ibm
Tenable Nessus	Amazon Linux 2 : thunderbird (ALAS-2022-1828)	21 Jul 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2 : firefox (ALASFIREFOX-2023-011)	27 Sep 202300:00	–	nessus
Tenable Nessus	AlmaLinux 9 : firefox (ALSA-2022:4873)	16 Nov 202200:00	–	nessus
Tenable Nessus	AlmaLinux 9 : thunderbird (ALSA-2022:4892)	16 Nov 202200:00	–	nessus
Tenable Nessus	CentOS 7 : firefox (RHSA-2022:4870)	2 Aug 202200:00	–	nessus
Tenable Nessus	CentOS 7 : thunderbird (RHSA-2022:4891)	2 Aug 202200:00	–	nessus

Vulners

Node

mozilla firefox_esrRange<91.10

OR

mozilla firefoxRange<101

OR

mozilla thunderbirdRange<91.10

OR

red_hat red_hat_enterprise_linuxMatch7

OR

red_hat red_hat_enterprise_linuxMatch8

OR

novell suse_linux_enterprise_server_for_sap_applicationsMatch15

OR

novell suse_linux_enterprise_serverMatch15-ltss

OR

novell opensuse_leapMatch15.3

OR

canonical ubuntuMatch21.10

OR

novell opensuse_leapMatch15.4

OR

red_hat red_hat_enterprise_linuxMatch9

OR

novell opensuse_leap_microMatch5.2

Source	Link
mozilla	www.mozilla.org/en-US/security/advisories/mfsa2022-20/
mozilla	www.mozilla.org/en-US/security/advisories/mfsa2022-21/
mozilla	www.mozilla.org/en-US/security/advisories/mfsa2022-22/
security-tracker	www.security-tracker.debian.org/tracker/CVE-2022-31741
access	www.access.redhat.com/security/cve/CVE-2022-31741
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.5/
altsp	www.altsp.su/obnovleniya-bezopasnosti/
ubuntu	www.ubuntu.com/security/CVE-2022-31741
ubuntu	www.ubuntu.com/security/notices/USN-5475-1
ubuntu	www.ubuntu.com/security/notices/USN-5512-1

21 Nov 2023 00:00Current

CVSS 37.5

CVSS 27.6

EPSS0.0031

firefox extended support release thunderbird initialization errors