CVE-2022-45412

2022-12-2220:15:43

CWE-59

[email protected]

web.nvd.nist.gov

cve-2022-45412

thunderbird

unix-based systems

firefox esr

firefox

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.3%

JSON

When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. <br>This bug only affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

Affected configurations

Nvd

Node

mozillafirefoxRange<107.0

mozillafirefox_esrRange<102.5

mozillathunderbirdRange<102.5

AND

applemacosMatch-

googleandroidMatch-

linuxlinux_kernelMatch-

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox_esr*cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
mozillathunderbird*cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
googleandroid-cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox_esr	*	cpe:2.3:a:mozilla:firefox_esr::::::::
mozilla	thunderbird	*	cpe:2.3:a:mozilla:thunderbird::::::::
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*
google	android	-	cpe:2.3:o:google:android:-:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*