First published: Tue Sep 20 2022(Updated: )
An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Thunderbird | <102.3 | 102.3 |
<105 | 105 | |
<102.3 | 102.3 | |
<102.3 | 102.3 | |
Mozilla Firefox | <105.0 | |
Mozilla Firefox ESR | <102.3 | |
Mozilla Thunderbird | <102.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
The vulnerability ID is CVE-2022-3266.
The severity of CVE-2022-3266 is high with a severity value of 7.
CVE-2022-3266 affects Mozilla Thunderbird up to version 102.3, Mozilla Firefox up to version 105, and Mozilla Firefox ESR up to version 102.3.
CVE-2022-3266 can result in a potentially exploitable crash due to an out-of-bounds read when decoding H264 video.
To fix CVE-2022-3266, update Mozilla Thunderbird to version 102.3 or later, Mozilla Firefox to version 105 or later, or Mozilla Firefox ESR to version 102.3 or later.