CVE-2022-22744
In Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird existieren mehrere Schwachstellen. Diese sind auf Fehler beim Speichermanagement, Fehler bei "FullScreen Access", Out-ouf-Bounds-Lesefehler, Use-after-Free-Fehler, einen Pufferüberlauf, Fehler in der Sandbox, eine unzureichende Bereinigung von Inhalten, einen Fehler in dem "Copy as curl"-Feature sowie Fehler im Umgang mit Zertifikatsinformationen zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
EPSS 0.56% · 68.6th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open Source | Open Source CentOS | |
| Xerox | Xerox FreeFlow Print Server v9 | |
| Xerox | Xerox FreeFlow Print Server 9 | |
| Xerox | Xerox FreeFlow Print Server 7 | |
| SUSE | SUSE Linux | |
| Oracle | Oracle Linux | |
| Gentoo | Gentoo Linux | |
| Xerox | Xerox FreeFlow Print Server v2 | |
| Red Hat | Red Hat Enterprise Linux | |
| Amazon | Amazon Linux 2 | |
| Ubuntu | Ubuntu Linux | |
| Debian | Debian Linux |
Timeline
- Jan 11, 2022 CVE Published
- Dec 23, 2022 EPSS Score
- Dec 30, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Mar 16, 2023 EPSS Score
- Apr 27, 2023 EPSS Score
- Jun 7, 2023 EPSS Score
- Jul 19, 2023 EPSS Score
- Aug 29, 2023 EPSS Score
- Nov 20, 2023 EPSS Score
- Jan 1, 2024 EPSS Score
- Feb 11, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0302.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0302 advisory
- https://securitydocs.business.xerox.com/wp-content/uploads/2022/06/Xerox-Security-Bulletin-XRX22-013-FreeFlow-Print-Server-v9.pdf advisory
- https://securitydocs.business.xerox.com/wp-content/uploads/2022/06/Xerox-Security-Bulletin-XRX22-012-FreeFlow-Printer.pdf advisory
- https://security.business.xerox.com/wp-content/uploads/2022/06/Xerox-Security-Bulletin-XRX22-015-FreeFlow-Print-Server-v7.pdf advisory
- https://security.business.xerox.com/wp-content/uploads/2023/04/Xerox-Security-Bulletin-XRX23-005-Xerox%25C2%25AE-FreeFlow%25C2%25AE-Print-Server-v9.pdf advisory
- https://security.business.xerox.com/wp-content/uploads/2025/10/Xerox-Security-Bulletin-XRX25-017-for-Xerox-FreeFlow-Print-Server-v9.pdf advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0432.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0432 advisory
- https://security.business.xerox.com/wp-content/uploads/2022/06/Xerox-Security-Bulletin-XRX22-014-FreeFlow-Print-Server-v9.pdf advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0611.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0611 advisory
- https://ubuntu.com/security/notices/USN-5872-1 advisory
- https://www.mozilla.org/en-US/firefox/96.0/releasenotes/ advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/ advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/ advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/ advisory
- https://access.redhat.com/errata/RHSA-2022:0131 advisory
- https://access.redhat.com/errata/RHSA-2022:0123 advisory
- http://linux.oracle.com/errata/ELSA-2022-0127.html advisory
…and 40 more