Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2022-28281

Published: 22/12/2022 Updated: 30/12/2022
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Firefox Esr

Vulnerability Summary

It exists that selecting text caused Firefox to crash in some circumstances. An attacker could potentially exploit this to cause a denial of service. (CVE-2022-28287)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox esr

mozilla thunderbird

mozilla firefox

Vendor Advisories

Ubuntu Security Notice: USN-5393-1: Thunderbird vulnerabilities
Several security issues were fixed in Thunderbird ...
Ubuntu Security Notice: USN-5370-1: Firefox vulnerabilities
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Debian Security Advisories: DSA-5118-1 thunderbird -- security update
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code For the oldstable distribution (buster), these problems have been fixed in version 1:9180-1~deb10u1 For the stable distribution (bullseye), these problems have been fixed in version 1:9180-1~deb11u1 We recommend ...
Debian Security Advisories: DSA-5113-1 firefox-esr -- security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing For the oldstable distribution (buster), these problems have been fixed in version 9180esr-1~deb10u1 For the stable distribution (bullseye), these problems have been f ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Security ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Product ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as h ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as h ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 82 Extended Update SupportRed Hat Product Security has rate ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Security has rate ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Product Securit ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 82 Extended Update SupportRed Hat Product Security ...
Amazon Linux 2: ALAS2-2022-1789
The Mozilla Foundation Security Advisory describes this flaw as: NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash (CVE-2022-1097) The Mozilla Foundation Security Advisory describes this flaw as: After a VR Process is ...
Arch Linux Issues:
Severity Unknown Remote Unknown Type Unknown Description AVG-2711 firefox 9802-1 990-1 High Fixed ...
Mozilla: Security Vulnerabilities fixed in Thunderbird 91.8
Mozilla Foundation Security Advisory 2022-15 Security Vulnerabilities fixed in Thunderbird 918 Announced April 5, 2022 Impact high Products Thunderbird Fixed in Thunderbird 918 ...
Mozilla: Security Vulnerabilities fixed in Firefox 99
Mozilla Foundation Security Advisory 2022-13 Security Vulnerabilities fixed in Firefox 99 Announced April 5, 2022 Impact high Products Firefox Fixed in Firefox 99 ...
Mozilla: Security Vulnerabilities fixed in Firefox ESR 91.8
Mozilla Foundation Security Advisory 2022-14 Security Vulnerabilities fixed in Firefox ESR 918 Announced April 5, 2022 Impact high Products Firefox ESR Fixed in Firefox ESR 918 ...

Github Repositories

https://github.com/0vercl0k/CVE-2022-28281

PoC for CVE-2022-28281 a Mozilla Firefox Out of bounds write.

CVE-2022-28281: Mozilla Firefox Out of bounds write due to unexpected WebAuthN Extensions This is a bug that can be triggered from a compromised Windows Firefox renderer process If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption an

Recent Articles

IT threat evolution in Q2 2022. Non-mobile statistics
Securelist • AMR • 15 Aug 2022

IT threat evolution in Q2 2022 IT threat evolution in Q2 2022. Non-mobile statistics IT threat evolution in Q2 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q2 2022: Kaspersky solutions blocked 1,164,544,060 attacks from online resources across the globe. Web Anti-Virus recognized 273,033,368 unique URLs as ma...

Read more...

References

CWE-787https://www.mozilla.org/security/advisories/mfsa2022-13/https://bugzilla.mozilla.org/show_bug.cgi?id=1755621https://www.mozilla.org/security/advisories/mfsa2022-15/https://www.mozilla.org/security/advisories/mfsa2022-14/https://nvd.nist.govhttps://ubuntu.com/security/notices/USN-5393-1https://ubuntu.com/security/notices/USN-5370-1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-1183hard-codedCVE-2024-28254CVE-2023-43790buffer overflowbypassCVE-2024-32633CVE-2024-1874CVE-2024-23558
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook