Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-22737HistoryDec 22, 2022 - 8:15 p.m.
CVE-2022-22737
2022-12-2220:15:14
Debian Security Bug Tracker
security-tracker.debian.org
29
cve-2022-22737
firefox esr
firefox
thunderbird
race condition
audio sink
use-after-free
exploitable crash
unix
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
51.3%
Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 999 | all | firefox | < 96.0-1 | firefox_96.0-1_all.deb |
| Debian | 12 | all | firefox-esr | < 91.5.0esr-1 | firefox-esr_91.5.0esr-1_all.deb |
| Debian | 11 | all | firefox-esr | < 91.5.0esr-1~deb11u1 | firefox-esr_91.5.0esr-1~deb11u1_all.deb |
| Debian | 999 | all | firefox-esr | < 91.5.0esr-1 | firefox-esr_91.5.0esr-1_all.deb |
| Debian | 13 | all | firefox-esr | < 91.5.0esr-1 | firefox-esr_91.5.0esr-1_all.deb |
| Debian | 12 | all | thunderbird | < 1:91.5.0-1 | thunderbird_1:91.5.0-1_all.deb |
| Debian | 11 | all | thunderbird | < 1:91.5.0-2~deb11u1 | thunderbird_1:91.5.0-2~deb11u1_all.deb |
| Debian | 999 | all | thunderbird | < 1:91.5.0-1 | thunderbird_1:91.5.0-1_all.deb |
| Debian | 13 | all | thunderbird | < 1:91.5.0-1 | thunderbird_1:91.5.0-1_all.deb |
Related
cvelist
cvelist
CVE-2022-22737
2022-12-22 00:00:00
cve
cve
CVE-2022-22737
2022-12-22 20:15:14
alpinelinux
alpinelinux
CVE-2022-22737
2022-12-22 20:15:14
cnvd
cnvd
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-05208)
2022-12-30 00:00:00
prion
prion
Race condition
2022-12-22 20:15:00
ubuntucve
ubuntucve
CVE-2022-22737
2022-01-13 00:00:00
redhatcve
redhatcve
CVE-2022-22737
2022-01-12 23:23:09
nvd
nvd
CVE-2022-22737
2022-12-22 20:15:14
veracode
veracode
Denial Of Service (DoS)
2022-01-14 05:53:38
nessus
nessus
Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2022:0124)
2022-01-13 00:00:00
RHEL 8 : firefox (RHSA-2022:0125)
2022-01-13 00:00:00
Debian DLA-2881-1 : thunderbird - LTS security update
2022-01-16 00:00:00
osv
osv
thunderbird - security update
2022-01-16 00:00:00
firefox-esr - security update
2022-01-13 00:00:00
Important: thunderbird security update
2022-01-12 11:29:46
rocky
rocky
thunderbird security update
2022-01-12 11:29:46
firefox security update
2022-01-12 11:30:14
redhat
redhat
(RHSA-2022:0126) Important: firefox security update
2022-01-12 11:27:52
(RHSA-2022:0123) Important: thunderbird security update
2022-01-12 09:48:13
(RHSA-2022:0124) Important: firefox security update
2022-01-12 11:24:47
oraclelinux
oraclelinux
thunderbird security update
2022-01-12 00:00:00
thunderbird security update
2022-01-13 00:00:00
firefox security update
2022-01-13 00:00:00
centos
centos
thunderbird security update
2022-01-18 13:44:49
firefox security update
2022-01-18 13:44:03
debian
debian
[SECURITY] [DSA 5044-1] firefox-esr security update
2022-01-13 18:47:15
[SECURITY] [DLA 2880-1] firefox-esr security update
2022-01-16 10:55:08
[SECURITY] [DSA 5045-1] thunderbird security update
2022-01-14 18:25:24
openvas
openvas
Debian: Security Advisory (DLA-2881-1)
2022-01-17 00:00:00
CentOS: Security Advisory for thunderbird (CESA-2022:0127)
2022-01-19 00:00:00
Debian: Security Advisory (DSA-5045-1)
2022-01-16 00:00:00
mageia
mageia
Updated thunderbird packages fix security vulnerability
2022-01-16 23:39:09
Updated nss and firefox packages fix security vulnerabilities
2022-01-12 02:22:28
almalinux
almalinux
Important: thunderbird security update
2022-01-12 11:29:46
Important: firefox security update
2022-01-12 11:30:14
redos
redos
ROS-20220114-01
2022-01-14 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2022-01-13 00:00:00
Thunderbird vulnerabilities
2022-01-21 00:00:00
Thunderbird vulnerabilities
2022-01-21 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 91.5.0-alt1
2022-01-19 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 91.5.0-alt1
2022-01-20 00:00:00
kaspersky
kaspersky
KLA12416 Multiple vulnerabilities in Mozilla Firefox ESR
2022-01-11 00:00:00
KLA12417 Multiple vulnerabilities in Mozilla Thunderbird
2022-01-11 00:00:00
KLA12415 Multiple vulnerabilities in Mozilla Firefox
2022-01-11 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Thunderbird 91.5 — Mozilla
2022-01-11 00:00:00
Security Vulnerabilities fixed in Firefox ESR 91.5 — Mozilla
2022-01-11 00:00:00
Security Vulnerabilities fixed in Firefox 96 — Mozilla
2022-01-11 00:00:00
suse
suse
Security update for MozillaThunderbird (important)
2022-01-26 00:00:00
Security update for MozillaFirefox (moderate)
2022-05-18 00:00:00
hivepro
hivepro
Mozilla Firefox patches multiple vulnerabilities
2022-01-12 07:57:08
amazon
amazon
Important: thunderbird
2022-03-07 23:34:00
Important: thunderbird
2022-07-06 03:17:00
ibm
ibm
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2022-02-21 00:00:00
Mozilla Thunderbird: Multiple Vulnerabilities
2022-08-10 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
51.3%
Related for DEBIANCVE:CVE-2022-22737