First published: Tue Sep 20 2022(Updated: )
Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Thunderbird | <102.3 | 102.3 |
<105 | 105 | |
<102.3 | 102.3 | |
<102.3 | 102.3 | |
Mozilla Firefox | <105.0 | |
Mozilla Firefox ESR | <102.3 | |
Mozilla Thunderbird | <102.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2022-40957 is a vulnerability that affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105, which can lead to a potentially exploitable crash due to inconsistent data in instruction and data cache when creating wasm code.
Only Firefox on ARM64 platforms is affected by CVE-2022-40957.
CVE-2022-40957 has a severity level of medium with a CVSS score of 6.5.
To fix CVE-2022-40957, update your Firefox ESR to version 102.3 or later, Thunderbird to version 102.3 or later, or Firefox to version 105 or later.
You can find more information about CVE-2022-40957 on the Mozilla Bugzilla page and the Mozilla Security Advisories page.