CVE-2022-38478

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-38478

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-38478.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-38478

Downstream

DEBIAN-CVE-2022-38478

DLA-3080-1

DLA-3097-1

DSA-5217-1

DSA-5221-1

OESA-2023-1673

OESA-2023-1674

RHSA-2022:6164

RHSA-2022:6165

RHSA-2022:6166

RHSA-2022:6167

RHSA-2022:6168

RHSA-2022:6169

RHSA-2022:6174

RHSA-2022:6175

RHSA-2022:6176

RHSA-2022:6177

RHSA-2022:6178

RHSA-2022:6179

SUSE-SU-2022:2984-1

SUSE-SU-2022:3007-1

SUSE-SU-2022:3030-1

SUSE-SU-2022:3272-1

SUSE-SU-2022:3273-1

SUSE-SU-2022:3281-1

SUSE-SU-2022:3396-1

UBUNTU-CVE-2022-38478

USN-5581-1

USN-5663-1

openSUSE-SU-2024:12286-1

openSUSE-SU-2024:12287-1

openSUSE-SU-2024:14572-1

Related

Published

2022-12-22T20:15:37Z

Modified

2025-08-09T20:01:26Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

References

Affected packages