{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-45406", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "dateUpdated": "2024-08-03T14:09:57.001Z", "dateReserved": "2022-11-14T00:00:00", "datePublished": "2022-12-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2022-12-22T00:00:00"}, "descriptions": [{"lang": "en", "value": "If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107."}], "affected": [{"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"version": "unspecified", "lessThan": "102.5", "status": "affected", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"version": "unspecified", "lessThan": "102.5", "status": "affected", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox", "versions": [{"version": "unspecified", "lessThan": "107", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2022-47/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-49/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-48/"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1791975"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Use-after-free of a JavaScript Realm"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:09:57.001Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2022-47/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-49/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-48/", "tags": ["x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1791975", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "127E4452-84FE-49E3-A2EF-9C40C43A1FA6", "versionEndExcluding": "107.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC9380F7-F01F-4EA7-80D0-FD50AD5B292A", "versionEndExcluding": "102.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "25B4CDCF-8F95-4022-8B9F-82675E9E39B5", "versionEndExcluding": "102.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107."}, {"lang": "es", "value": "Si se produjo una condici\u00f3n de falta de memoria al crear un JavaScript global, un dominio de JavaScript puede eliminarse mientras las referencias al mismo permanezcan en una BaseShape. Esto podr\u00eda provocar un use after free que provocar\u00eda un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox ESR &lt; 102,5, Thunderbird &lt; 102.5 y Firefox &lt; 107."}], "id": "CVE-2022-45406", "lastModified": "2023-08-08T14:22:24.967", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-22T20:15:42.197", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1791975"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-47/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-48/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-49/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Samuel Gro\u00df as the original reporter.", "affected_release": [{"advisory": "RHSA-2022:8552", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:102.5.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-11-21T00:00:00Z"}, {"advisory": "RHSA-2022:8555", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:102.5.0-2.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-11-21T00:00:00Z"}, {"advisory": "RHSA-2022:8547", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:102.5.0-2.el8_7", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-11-21T00:00:00Z"}, {"advisory": "RHSA-2022:8554", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:102.5.0-1.el8_7", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-11-21T00:00:00Z"}, {"advisory": "RHSA-2022:8553", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "firefox-0:102.5.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-11-21T00:00:00Z"}, {"advisory": "RHSA-2022:8556", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "thunderbird-0:102.5.0-2.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-11-21T00:00:00Z"}, {"advisory": "RHSA-2022:8543", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:102.5.0-2.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2022-11-21T00:00:00Z"}, {"advisory": "RHSA-2022:8550", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:102.5.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2022-11-21T00:00:00Z"}, {"advisory": "RHSA-2022:8543", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "thunderbird-0:102.5.0-2.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2022-11-21T00:00:00Z"}, {"advisory": "RHSA-2022:8550", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "firefox-0:102.5.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2022-11-21T00:00:00Z"}, {"advisory": "RHSA-2022:8543", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "thunderbird-0:102.5.0-2.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2022-11-21T00:00:00Z"}, {"advisory": "RHSA-2022:8550", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "firefox-0:102.5.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2022-11-21T00:00:00Z"}, {"advisory": "RHSA-2022:8544", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "thunderbird-0:102.5.0-2.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-11-21T00:00:00Z"}, {"advisory": "RHSA-2022:8549", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "firefox-0:102.5.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-11-21T00:00:00Z"}, {"advisory": "RHSA-2022:8545", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "thunderbird-0:102.5.0-2.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2022-11-21T00:00:00Z"}, {"advisory": "RHSA-2022:8548", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "firefox-0:102.5.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2022-11-21T00:00:00Z"}, {"advisory": "RHSA-2022:8561", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:102.5.0-2.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-21T00:00:00Z"}, {"advisory": "RHSA-2022:8580", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:102.5.0-1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-22T00:00:00Z"}, {"advisory": "RHSA-2022:8979", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "firefox-0:102.5.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2022-12-13T00:00:00Z"}, {"advisory": "RHSA-2022:8980", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "thunderbird-0:102.5.0-2.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2022-12-13T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Use-after-free of a JavaScript Realm", "id": "2143200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143200"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.", "The Mozilla Foundation Security Advisory describes this flaw as:\nIf an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash."], "name": "CVE-2022-45406", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2022-11-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-45406\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45406\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45406\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45406"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Important", "upstream_fix": "firefox 102.5, thunderbird 102.5"}