First published: Tue Oct 18 2022(Updated: )
Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash.
Credit: security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox | <106 | 106 |
<106 | 106 | |
<102.4 | 102.4 | |
<102.4 | 102.4 | |
Mozilla Firefox | <106.0 | |
Mozilla Firefox ESR | <102.4 | |
Mozilla Thunderbird | <102.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
The vulnerability ID for this issue is CVE-2022-42928.
This vulnerability affects Mozilla Firefox versions up to and exclusive of 106.
This vulnerability affects Firefox ESR versions up to and exclusive of 102.4.
The severity of CVE-2022-42928 is rated as high with a CVSS score of 8.8.
To fix this vulnerability in Thunderbird, update to version 102.4 or later.