First published: Tue Nov 15 2022(Updated: )
Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Firefox 106 and Firefox ESR 102.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Credit: security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Thunderbird | <102.5 | 102.5 |
Mozilla Firefox ESR | <102.5 | 102.5 |
Mozilla Firefox | <107 | 107 |
Mozilla Firefox | <107.0 | |
Mozilla Firefox ESR | <102.5 | |
Mozilla Thunderbird | <102.5 | |
<107.0 | ||
<102.5 | ||
<102.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
The severity of CVE-2022-45421 is high with a severity value of 8.8.
CVE-2022-45421 affects Mozilla Thunderbird 102.4, Mozilla Firefox, and Mozilla Firefox ESR.
Yes, patches are available for CVE-2022-45421. Update to Thunderbird 102.5, Firefox 107, or Firefox ESR 102.5 to fix the vulnerability.
CVE-2022-45421 can be exploited to run arbitrary code by exploiting memory corruption bugs.
You can find more information about CVE-2022-45421 on Bugzilla and the Mozilla security advisories.