First published: Tue Sep 20 2022(Updated: )
Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Thunderbird | <102.3 | 102.3 |
<105 | 105 | |
<102.3 | 102.3 | |
<102.3 | 102.3 | |
Mozilla Firefox | <105.0 | |
Mozilla Firefox ESR | <102.3 | |
Mozilla Thunderbird | <102.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2022-40962 is a vulnerability that affects Mozilla Firefox and Mozilla Thunderbird versions up to and including Firefox 105 and Thunderbird 102.3, respectively.
CVE-2022-40962 has a severity rating of 8.8 (high).
Yes, the affected software has been patched. For Firefox, update to version 105. For Firefox ESR, update to version 102.3. For Thunderbird, update to version 102.3.
The CWE ID of CVE-2022-40962 is 787.
You can find more information about CVE-2022-40962 in the Mozilla Bugzilla and Mozilla Security Advisories.