CVE-2022-28289

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-28289

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-28289.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-28289

Downstream

DEBIAN-CVE-2022-28289

DLA-2971-1

DLA-2978-1

DSA-5113-1

DSA-5118-1

OESA-2023-1673

OESA-2023-1674

RHSA-2022:1283

RHSA-2022:1284

RHSA-2022:1285

RHSA-2022:1286

RHSA-2022:1287

RHSA-2022:1301

RHSA-2022:1302

RHSA-2022:1303

RHSA-2022:1305

RHSA-2022:1326

SUSE-RU-2022:1114-1

SUSE-RU-2022:1125-1

SUSE-RU-2022:14935-1

SUSE-SU-2022:1127-1

SUSE-SU-2022:1176-1

UBUNTU-CVE-2022-28289

USN-5370-1

USN-5393-1

openSUSE-SU-2022:1127-1

openSUSE-SU-2024:11975-1

openSUSE-SU-2024:14572-1

Related

Published

2022-12-22T20:15:25Z

Modified

2025-08-09T20:01:26Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.

References

Affected packages