CVE-2022-29917
First published: Tue May 03 2022(Updated: )
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thunderbird | <91.9 | 91.9 |
| Firefox | <100.0 | |
| Firefox ESR | <91.9 | |
| Thunderbird | <91.9 | |
| Firefox | <100 | 100 |
| Firefox ESR | <91.9 | 91.9 |
| <100.0 | ||
| <91.9 | ||
| <91.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1684739%2C1706441%2C1753298%2C1762614%2C1762620%2C1764778
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1684739%2C1706441%2C1753298%2C1762614%2C1762620
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/
- https://www.mozilla.org/security/advisories/mfsa2022-16/
- https://www.mozilla.org/security/advisories/mfsa2022-17/
- https://www.mozilla.org/security/advisories/mfsa2022-18/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2022-29917?
CVE-2022-29917 is categorized as a memory safety vulnerability which can potentially lead to memory corruption.
How do I fix CVE-2022-29917?
To fix CVE-2022-29917, update to Firefox versions 100 or later, or Firefox ESR version 91.9.
Which versions of software are affected by CVE-2022-29917?
CVE-2022-29917 affects Firefox versions up to 99, Firefox ESR versions up to 91.8, and Thunderbird versions up to 91.8.
Can CVE-2022-29917 be exploited?
Although it's presumed that with enough effort CVE-2022-29917 could be exploited, there is currently no public evidence of widespread exploitation.
Who reported CVE-2022-29917?
CVE-2022-29917 was reported by Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter, and the Mozilla Fuzzing Team.
- agent/type
- agent/first-publish-date
- agent/author
- agent/description
- agent/severity
- agent/weakness
- agent/references
- agent/event
- agent/trending
- agent/source
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- vendor/mozilla
- canonical/thunderbird
- canonical/firefox
- canonical/firefox esr