VDB
CVE-2022-34478
CVE-2022-34478
PUBLISHED
In Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird existieren mehrere Schwachstellen. Diese besitzen verschiedene Hintergründe, wie z.B. Use-after-Free-Fehlern, Speicherfehler oder unsichere Pop-Up-Windows. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, einen Denial of Service Zustand durchzuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
EPSS 0.15% · 35.2th percentile
Risk Scores
EPSS Score
0.15%
35.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | |
| Open Source | Open Source CentOS | |
| Oracle | Oracle Solaris | |
| SUSE | SUSE Linux | |
| Oracle | Oracle Linux | |
| Red Hat | Red Hat Enterprise Linux | |
| Ubuntu | Ubuntu Linux | |
| Amazon | Amazon Linux 2 | |
| Gentoo | Gentoo Linux |
Exploit Intelligence
- https://bugzilla.mozilla.org/show_bug.cgi?id=1771381 (circl)
- CIRCL seen: CVE-2022-34478 (circl-sighting)
- https://www.mozilla.org/security/advisories/mfsa2022-24/ (circl)
- https://www.mozilla.org/security/advisories/mfsa2022-26/ (circl)
- https://www.mozilla.org/security/advisories/mfsa2022-25/ (circl)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1773717 (vulncheck)
- (vulncheck-reported-exploitation)
- (vulncheck-reported-exploitation)
- (vulncheck-reported-exploitation)
Timeline
- Jun 15, 2022 VulnCheck KEV Exploitation
- Jun 28, 2022 CVE Published
- Dec 23, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 16, 2023 EPSS Score
- Apr 27, 2023 EPSS Score
- Jun 7, 2023 EPSS Score
- Jul 19, 2023 EPSS Score
- Aug 29, 2023 EPSS Score
- Sep 27, 2023 CVE Updated
- Oct 10, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0505.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0505 advisory
- https://alas.aws.amazon.com/AL2/ALASFIREFOX-2023-013.html advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/ advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/ advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/ advisory
- https://lists.debian.org/debian-security-announce/2022/msg00140.html advisory
- https://access.redhat.com/errata/RHSA-2022:5470 advisory
- https://access.redhat.com/errata/RHSA-2022:5474 advisory
- https://access.redhat.com/errata/RHSA-2022:5472 advisory
- https://access.redhat.com/errata/RHSA-2022:5478 advisory
- https://access.redhat.com/errata/RHSA-2022:5477 advisory
- https://access.redhat.com/errata/RHSA-2022:5469 advisory
- https://access.redhat.com/errata/RHSA-2022:5473 advisory
- https://lists.debian.org/debian-lts-announce/2022/06/msg00026.html advisory
- https://access.redhat.com/errata/RHSA-2022:5482 advisory
- https://access.redhat.com/errata/RHSA-2022:5481 advisory
- https://access.redhat.com/errata/RHSA-2022:5480 advisory
- https://access.redhat.com/errata/RHSA-2022:5479 advisory
- https://access.redhat.com/errata/RHSA-2022:5475 advisory
…and 24 more