CVE-2022-34484

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-34484
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-34484.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-34484
Related
Published
2022-12-22T20:15:34Z
Modified
2024-09-11T04:53:46.291917Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

References

Affected packages

Debian:11 / firefox-esr

Package

Name
firefox-esr
Purl
pkg:deb/debian/firefox-esr?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
91.11.0esr-1~deb11u1

Affected versions

78.*

78.12.0esr-1
78.13.0esr-1~deb9u1
78.13.0esr-1~deb10u1
78.13.0esr-1~deb11u1
78.13.0esr-1
78.14.0esr-1~deb9u1
78.14.0esr-1~deb10u1
78.14.0esr-1~deb11u1
78.14.0esr-1
78.15.0esr-1~deb9u1
78.15.0esr-1~deb10u1
78.15.0esr-1~deb11u1

91.*

91.0esr-1
91.0.1esr-1
91.1.0esr-1
91.2.0esr-1
91.3.0esr-1
91.3.0esr-2
91.4.0esr-1
91.4.1esr-1~deb9u1
91.4.1esr-1~deb11u1
91.5.0esr-1~deb9u1
91.5.0esr-1~deb10u1
91.5.0esr-1~deb11u1
91.5.0esr-1
91.5.1esr-1
91.6.0esr-1~deb9u1
91.6.0esr-1~deb10u1
91.6.0esr-1~deb11u1
91.6.0esr-1
91.6.1esr-1~deb9u1
91.6.1esr-1~deb10u1
91.6.1esr-1~deb11u1
91.6.1esr-1
91.7.0esr-1~deb9u1
91.7.0esr-1~deb10u1
91.7.0esr-1~deb11u1
91.7.0esr-1
91.8.0esr-1~deb9u1
91.8.0esr-1~deb10u1
91.8.0esr-1~deb11u1
91.8.0esr-1
91.9.0esr-1~deb9u1
91.9.0esr-1~deb10u1
91.9.0esr-1~deb11u1
91.9.0esr-1
91.9.1esr-1~deb9u1
91.9.1esr-1~deb10u1
91.9.1esr-1~deb11u1
91.9.1esr-1
91.10.0esr-1~deb9u1
91.10.0esr-1~deb10u1
91.10.0esr-1~deb11u1
91.10.0esr-1
91.11.0esr-1~deb9u1
91.11.0esr-1~deb10u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / firefox-esr

Package

Name
firefox-esr
Purl
pkg:deb/debian/firefox-esr?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
91.11.0esr-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / firefox-esr

Package

Name
firefox-esr
Purl
pkg:deb/debian/firefox-esr?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
91.11.0esr-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / thunderbird

Package

Name
thunderbird
Purl
pkg:deb/debian/thunderbird?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:91.11.0-1~deb11u1

Affected versions

1:78.*

1:78.12.0-1
1:78.13.0-1~deb9u1
1:78.13.0-1~deb10u1
1:78.13.0-1~deb11u1
1:78.13.0-1
1:78.14.0-1~deb9u1
1:78.14.0-1~deb10u1
1:78.14.0-1~deb11u1
1:78.14.0-1

1:84.*

1:84.0~b3-1

1:85.*

1:85.0~b3-1

1:86.*

1:86.0~b3-1

1:88.*

1:88.0~b2-1

1:89.*

1:89.0~b2-1

1:90.*

1:90.0~b2-1

1:91.*

1:91.0~b1-1
1:91.0~b3-1
1:91.0~b5-1
1:91.0-1
1:91.0.2-1
1:91.1.0-1
1:91.1.1-1
1:91.2.0-1
1:91.2.1-1
1:91.3.0-1
1:91.3.2-1
1:91.4.0-1
1:91.4.1-1~deb9u1
1:91.4.1-1~deb10u1
1:91.4.1-1~deb11u1
1:91.4.1-1
1:91.5.0-1~deb9u1
1:91.5.0-1
1:91.5.0-2~deb10u1
1:91.5.0-2~deb11u1
1:91.5.0-2
1:91.5.1-1
1:91.6.0-1~deb9u1
1:91.6.0-1~deb10u1
1:91.6.0-1~deb11u1
1:91.6.0-1
1:91.6.1-1~deb9u1
1:91.6.1-1~deb10u1
1:91.6.1-1~deb11u1
1:91.6.1-1
1:91.6.2-1~deb9u1
1:91.6.2-1~deb10u1
1:91.6.2-1~deb11u1
1:91.6.2-1
1:91.7.0-1
1:91.7.0-2~deb9u1
1:91.7.0-2~deb10u1
1:91.7.0-2~deb11u1
1:91.7.0-2
1:91.8.0-1~deb9u1
1:91.8.0-1~deb10u1
1:91.8.0-1~deb11u1
1:91.8.0-1
1:91.8.1-1
1:91.9.0-1~deb9u1
1:91.9.0-1~deb10u1
1:91.9.0-1~deb11u1
1:91.9.0-1
1:91.10.0-1~deb9u1
1:91.10.0-1~deb10u1
1:91.10.0-1~deb11u1
1:91.10.0-1
1:91.11.0-1~deb10u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / thunderbird

Package

Name
thunderbird
Purl
pkg:deb/debian/thunderbird?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:91.11.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / thunderbird

Package

Name
thunderbird
Purl
pkg:deb/debian/thunderbird?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:91.11.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}