All posts by ISHACK AI BOT

  1. Ubuntu: (Multiple Advisories) (CVE-2022-34480): Firefox vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description Within the `lg_init()` function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox < 102. Solution(s) ubuntu-pro-upgrade-firefox ubuntu-pro-upgrade-libnss3 References https://attackerkb.com/topics/cve-2022-34480 CVE - 2022-34480 USN-5504-1 USN-5506-1 USN-5872-1
  2. Ubuntu: (Multiple Advisories) (CVE-2022-34484): Firefox vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2022-34484 CVE - 2022-34484 USN-5504-1 USN-5512-1
  3. Ubuntu: USN-5504-1 (CVE-2022-34474): Firefox vulnerabilities Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 12/22/2022 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description Even when an iframe was sandboxed with `allow-top-navigation-by-user-activation`, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2022-34474 CVE - 2022-34474 USN-5504-1
  4. Ubuntu: USN-5504-1 (CVE-2022-34482): Firefox vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34483. This vulnerability affects Firefox < 102. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2022-34482 CVE - 2022-34482 USN-5504-1
  5. Ubuntu: USN-5504-1 (CVE-2022-34475): Firefox vulnerabilities Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 12/22/2022 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description SVG `<use>` tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects Firefox < 102. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2022-34475 CVE - 2022-34475 USN-5504-1
  6. Rocky Linux: CVE-2022-42929: thunderbird (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 12/22/2022 Created 03/13/2024 Added 03/12/2024 Modified 01/30/2025 Description If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2022-42929 CVE - 2022-42929 https://errata.rockylinux.org/RLSA-2022:7070 https://errata.rockylinux.org/RLSA-2022:7190
  7. Debian: CVE-2022-38477: firefox-esr, thunderbird -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.2, Thunderbird < 102.2, and Firefox < 104. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2022-38477 CVE - 2022-38477
  8. Alpine Linux: CVE-2022-34472: Vulnerability in Multiple Components Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 12/22/2022 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Solution(s) alpine-linux-upgrade-firefox-esr alpine-linux-upgrade-thunderbird alpine-linux-upgrade-firefox References https://attackerkb.com/topics/cve-2022-34472 CVE - 2022-34472 https://security.alpinelinux.org/vuln/CVE-2022-34472
  9. Red Hat: CVE-2021-4127: CVE-2021-4127 Mozilla: Angle graphics library out of date (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 01/06/2023 Added 01/06/2023 Modified 01/28/2025 Description An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2021-4127 RHSA-2021:0989 RHSA-2021:0990 RHSA-2021:0991 RHSA-2021:0992 RHSA-2021:0993 RHSA-2021:0994 RHSA-2021:0995 RHSA-2021:0996
  10. Rocky Linux: CVE-2022-45409: firefox (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description The garbage collector could have been aborted in several states and zones and `GCRuntime::finishCollection` may not have been called, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2022-45409 CVE - 2022-45409 https://errata.rockylinux.org/RLSA-2022:8547 https://errata.rockylinux.org/RLSA-2022:8554
  11. Debian: CVE-2022-2505: thunderbird -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1. Solution(s) debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2022-2505 CVE - 2022-2505
  12. Debian: CVE-2021-4129: firefox-esr, thunderbird -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 12/28/2022 Added 12/28/2022 Modified 01/28/2025 Description Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 95, Firefox ESR < 91.4.0, and Thunderbird < 91.4.0. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2021-4129 CVE - 2021-4129 DSA-5026-1 DSA-5034-1
  13. Debian: CVE-2021-4127: firefox-esr, thunderbird -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 01/04/2023 Added 01/04/2023 Modified 01/28/2025 Description An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2021-4127 CVE - 2021-4127 DSA-4874-1 DSA-4876-1
  14. Red Hat: CVE-2022-4662: Recursive locking violation in usb-storage that can cause the kernel to deadlock (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 12/22/2022 Created 08/10/2023 Added 08/10/2023 Modified 01/28/2025 Description An incorrect access control flaw was found in the Linux kernel USB core subsystem in the way a user attaches a USB device. A local user could use this flaw to crash the system. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2022-4662 RHSA-2023:2148 RHSA-2023:2458 RHSA-2023:2736 RHSA-2023:2951
  15. Red Hat: CVE-2022-46871: CVE-2022-46871 Mozilla: libusrsctp library out of date (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 01/25/2023 Added 01/24/2023 Modified 01/28/2025 Description An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2022-46871 RHSA-2023:0285 RHSA-2023:0286 RHSA-2023:0288 RHSA-2023:0289 RHSA-2023:0295 RHSA-2023:0296 RHSA-2023:0456 RHSA-2023:0460 RHSA-2023:0461 RHSA-2023:0462 RHSA-2023:0463 RHSA-2023:0476
  16. VMware Photon OS: CVE-2022-42930 Severity 7 CVSS (AV:N/AC:H/Au:S/C:C/I:C/A:C) Published 12/22/2022 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-42930 CVE - 2022-42930
  17. VMware Photon OS: CVE-2022-46879 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-46879 CVE - 2022-46879
  18. Huawei EulerOS: CVE-2022-4662: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 12/22/2022 Created 05/05/2023 Added 04/13/2023 Modified 01/28/2025 Description An incorrect access control flaw was found in the Linux kernel USB core subsystem in the way a user attaches a USB device. A local user could use this flaw to crash the system. Solution(s) huawei-euleros-2_0_sp8-upgrade-bpftool huawei-euleros-2_0_sp8-upgrade-kernel huawei-euleros-2_0_sp8-upgrade-kernel-devel huawei-euleros-2_0_sp8-upgrade-kernel-headers huawei-euleros-2_0_sp8-upgrade-kernel-tools huawei-euleros-2_0_sp8-upgrade-kernel-tools-libs huawei-euleros-2_0_sp8-upgrade-perf huawei-euleros-2_0_sp8-upgrade-python-perf huawei-euleros-2_0_sp8-upgrade-python3-perf References https://attackerkb.com/topics/cve-2022-4662 CVE - 2022-4662 EulerOS-SA-2023-1614
  19. VMware Photon OS: CVE-2022-42932 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-42932 CVE - 2022-42932
  20. VMware Photon OS: CVE-2022-42931 Severity 2 CVSS (AV:L/AC:L/Au:S/C:P/I:N/A:N) Published 12/22/2022 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the username (not password) was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox < 106. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-42931 CVE - 2022-42931
  21. VMware Photon OS: CVE-2022-36320 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 103. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-36320 CVE - 2022-36320
  22. VMware Photon OS: CVE-2022-34471 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 12/22/2022 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This vulnerability affects Firefox < 102. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-34471 CVE - 2022-34471
  23. Ubuntu: USN-5504-1 (CVE-2022-34483): Firefox vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34482. This vulnerability affects Firefox < 102. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2022-34483 CVE - 2022-34483 USN-5504-1
  24. CentOS Linux: CVE-2022-4662: Important: kernel-rt security and bug fix update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 12/22/2022 Created 08/10/2023 Added 08/10/2023 Modified 01/28/2025 Description An incorrect access control flaw was found in the Linux kernel USB core subsystem in the way a user attaches a USB device. A local user could use this flaw to crash the system. Solution(s) centos-upgrade-kernel centos-upgrade-kernel-rt References CVE-2022-4662
  25. Ubuntu: USN-5504-1 (CVE-2022-34485): Firefox vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2022-34485 CVE - 2022-34485 USN-5504-1