CVE-2022-38478
First published: Tue Aug 23 2022(Updated: )
Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thunderbird | <102.2 | 102.2 |
| Thunderbird | <91.13 | 91.13 |
| Firefox | <104.0 | |
| Firefox ESR | <91.13 | |
| Firefox ESR | >=102.0<102.2 | |
| Thunderbird | <91.13 | |
| Thunderbird | >=102.0<102.2 | |
| Firefox | <104 | 104 |
| Firefox ESR | <102.2 | 102.2 |
| Firefox ESR | <91.13 | 91.13 |
| <104.0 | ||
| >=102.0<102.2 | ||
| <91.13 | ||
| <91.13 | ||
| >=102.0<102.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1770630%2C1776658
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-34/
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-35/
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/
- https://www.mozilla.org/security/advisories/mfsa2022-33/
- https://www.mozilla.org/security/advisories/mfsa2022-34/
- https://www.mozilla.org/security/advisories/mfsa2022-35/
- https://www.mozilla.org/security/advisories/mfsa2022-36/
- https://www.mozilla.org/security/advisories/mfsa2022-37/
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2022-38478?
CVE-2022-38478 is considered a high-severity vulnerability due to potential memory corruption and the risk of arbitrary code execution.
How do I fix CVE-2022-38478?
To fix CVE-2022-38478, update affected software to Thunderbird versions 102.2 or 91.13, Firefox ESR versions 102.2 or 91.13, or Firefox version 104.
Which software versions are affected by CVE-2022-38478?
CVE-2022-38478 affects Mozilla Firefox versions up to 104, Firefox ESR versions up to 102.2 and 91.13, and Thunderbird versions up to 102.2 and 91.13.
What types of vulnerabilities does CVE-2022-38478 include?
CVE-2022-38478 includes memory safety bugs that may lead to memory corruption.
Who reported the CVE-2022-38478 vulnerability?
CVE-2022-38478 was reported by members of the Mozilla Fuzzing Team.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/author
- agent/event
- agent/trending
- agent/source
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- vendor/mozilla
- canonical/thunderbird
- canonical/firefox
- canonical/firefox esr
- version/firefox esr/102.0
- version/thunderbird/102.0