CVE-2022-22763
First published: Tue Jan 11 2022(Updated: )
When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <96 | 96 | |
| Mozilla Firefox ESR | <91.6 | 91.6 |
| <91.6 | 91.6 | |
| <91.6 | 91.6 | |
| Mozilla Firefox | <96.0 | |
| Mozilla Firefox ESR | <91.6 | |
| Mozilla Thunderbird | <91.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1740534
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/
- https://www.mozilla.org/security/advisories/mfsa2022-01/
- https://www.mozilla.org/security/advisories/mfsa2022-05/
- https://www.mozilla.org/security/advisories/mfsa2022-06/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2022-22753
- CVE-2022-22754
- CVE-2022-22756
- CVE-2022-22759
- CVE-2022-22760
- CVE-2022-22761
- CVE-2022-22763
- CVE-2022-22764
- CVE-2022-22746
- CVE-2022-22743
- CVE-2022-22742
- CVE-2022-22741
- CVE-2022-22740
- CVE-2022-22738
- CVE-2022-22737
- CVE-2021-4140
- CVE-2022-22750
- CVE-2022-22749
- CVE-2022-22748
- CVE-2022-22745
- CVE-2022-22744
- CVE-2022-22747
- CVE-2022-22736
- CVE-2022-22739
- CVE-2022-22751
- CVE-2022-22752
Frequently Asked Questions
What is the severity of CVE-2022-22763?
The severity of CVE-2022-22763 is medium.
Which software versions are affected by CVE-2022-22763?
Mozilla Firefox ESR versions up to but not including 91.6, Mozilla Thunderbird versions up to but not including 91.6, and Mozilla Firefox versions up to but not including 96 are affected by CVE-2022-22763.
How can CVE-2022-22763 be exploited?
An attacker could exploit CVE-2022-22763 by causing a script to run late in the lifecycle of a worker after it has been shutdown.
Is there a fix available for CVE-2022-22763?
Yes, Mozilla has released fixes for CVE-2022-22763. Users are advised to update to the latest versions of Mozilla Firefox ESR and Mozilla Thunderbird to mitigate the vulnerability.
Where can I find more information about CVE-2022-22763?
More information about CVE-2022-22763 can be found in the Mozilla bugzilla and the Mozilla security advisories mfsa2022-05 and mfsa2022-06.
- collector/mozilla-advisory
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/author
- agent/severity
- agent/references
- source/Mozilla
- agent/software-canonical-lookup
- agent/event
- agent/description
- agent/software-canonical-lookup-request
- agent/tags
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla firefox esr
- canonical/mozilla thunderbird
- canonical/mozilla firefox