{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-22763", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "dateUpdated": "2024-08-03T03:21:49.151Z", "dateReserved": "2022-01-07T00:00:00", "datePublished": "2022-12-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2022-12-22T00:00:00"}, "descriptions": [{"lang": "en", "value": "When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6."}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"version": "unspecified", "lessThan": "96", "status": "affected", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"version": "unspecified", "lessThan": "91.6", "status": "affected", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"version": "unspecified", "lessThan": "91.6", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2022-05/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-06/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-01/"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740534"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Script Execution during invalid object state"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:21:49.151Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2022-05/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-06/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", "tags": ["x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740534", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "473CF696-0664-4239-995D-D4700507DD1A", "versionEndExcluding": "96.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "47FA8B4B-E1E9-47E3-89E2-16B66FC1F3F6", "versionEndExcluding": "91.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "7310C774-9E33-4B34-83CE-CA2FB0032F01", "versionEndExcluding": "91.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6."}, {"lang": "es", "value": "Cuando se apaga un trabajador, era posible hacer que el script se ejecutara tarde en el ciclo de vida, en un punto posterior al que no deber\u00eda ser posible. Esta vulnerabilidad afecta a Firefox &lt; 96, Thunderbird&lt; 91.6 y Firefox ESR &lt; 91.6."}], "id": "CVE-2022-22763", "lastModified": "2022-12-30T13:58:09.110", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-22T20:15:20.483", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740534"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-05/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-06/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:0514", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:91.6.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:0538", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:91.6.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-02-15T00:00:00Z"}, {"advisory": "RHSA-2022:0510", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:91.6.0-1.el8_5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:0535", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:91.6.0-1.el8_5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-02-15T00:00:00Z"}, {"advisory": "RHSA-2022:0513", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "firefox-0:91.6.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:0539", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "thunderbird-0:91.6.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-02-15T00:00:00Z"}, {"advisory": "RHSA-2022:0512", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "firefox-0:91.6.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:0537", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "thunderbird-0:91.6.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-02-15T00:00:00Z"}, {"advisory": "RHSA-2022:0511", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "firefox-0:91.6.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-02-14T00:00:00Z"}, {"advisory": "RHSA-2022:0536", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "thunderbird-0:91.6.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-02-15T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Script Execution during invalid object state", "id": "2053240", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053240"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-94", "details": ["When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6.", "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen a worker was shut down, it was possible to cause the script to run late in the lifecycle, at a point where it should not be possible."], "name": "CVE-2022-22763", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-02-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-22763\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22763\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22763\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22763"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Moderate", "upstream_fix": "thunderbird 91.6, firefox 91.6"}