{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-1097", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "dateUpdated": "2024-08-02T23:55:22.820Z", "dateReserved": "2022-03-25T00:00:00", "datePublished": "2022-12-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2022-12-22T00:00:00"}, "descriptions": [{"lang": "en", "value": "<code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8."}], "affected": [{"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"version": "unspecified", "lessThan": "91.8", "status": "affected", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox", "versions": [{"version": "unspecified", "lessThan": "99", "status": "affected", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"version": "unspecified", "lessThan": "91.8", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2022-13/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-14/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-15/"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745667"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Use-after-free in NSSToken objects"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:55:22.820Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2022-13/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-14/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-15/", "tags": ["x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745667", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "A841617D-181C-45FF-868A-33DD504B1BA8", "versionEndExcluding": "99.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB18B69A-EE03-4E15-A9AA-FCF442042761", "versionEndExcluding": "91.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DCED53B-8838-45E1-A516-90C99C7DF6F9", "versionEndExcluding": "91.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "<code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8."}, {"lang": "es", "value": "Se hac\u00eda referencia a los objetos <code>NSSToken</code> a trav\u00e9s de puntos directos y se podr\u00eda haber accedido a ellos de forma insegura en diferentes subprocesos, lo que provoc\u00f3 un use after free y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird &lt; 91.8, Firefox &lt; 99 y Firefox ESR &lt; 91.8."}], "id": "CVE-2022-1097", "lastModified": "2022-12-29T17:52:58.863", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-22T20:15:12.897", "references": [{"source": "security@mozilla.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745667"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-13/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-14/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-15/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:1284", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:91.8.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-04-08T00:00:00Z"}, {"advisory": "RHSA-2022:1302", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:91.8.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-04-11T00:00:00Z"}, {"advisory": "RHSA-2022:1287", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:91.8.0-1.el8_5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-04-08T00:00:00Z"}, {"advisory": "RHSA-2022:1301", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:91.8.0-1.el8_5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-04-11T00:00:00Z"}, {"advisory": "RHSA-2022:1283", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "firefox-0:91.8.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-04-08T00:00:00Z"}, {"advisory": "RHSA-2022:1303", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "thunderbird-0:91.8.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-04-11T00:00:00Z"}, {"advisory": "RHSA-2022:1286", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "firefox-0:91.8.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-04-08T00:00:00Z"}, {"advisory": "RHSA-2022:1326", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "thunderbird-0:91.8.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-04-12T00:00:00Z"}, {"advisory": "RHSA-2022:1285", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "firefox-0:91.8.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-04-08T00:00:00Z"}, {"advisory": "RHSA-2022:1305", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "thunderbird-0:91.8.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-04-11T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Use-after-free in NSSToken objects", "id": "2072559", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072559"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["<code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.", "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of NSSToken objects referenced via direct points that could have been accessed unsafely on different threads, leading to a use-after-free and potentially exploitable crash."], "name": "CVE-2022-1097", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-04-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-1097\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1097"], "threat_severity": "Important", "upstream_fix": "thunderbird 91.8, firefox 91.8"}