Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-45412HistoryDec 22, 2022 - 8:15 p.m.
CVE-2022-45412
2022-12-2220:15:43
Debian Security Bug Tracker
security-tracker.debian.org
14
symlink vulnerability
uninitialized memory
thunderbird
unix-based
firefox esr
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
59.3%
When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. <br>This bug only affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 999 | all | firefox | < 107.0-1 | firefox_107.0-1_all.deb |
| Debian | 12 | all | firefox-esr | < 102.5.0esr-1 | firefox-esr_102.5.0esr-1_all.deb |
| Debian | 11 | all | firefox-esr | < 102.5.0esr-1~deb11u1 | firefox-esr_102.5.0esr-1~deb11u1_all.deb |
| Debian | 999 | all | firefox-esr | < 102.5.0esr-1 | firefox-esr_102.5.0esr-1_all.deb |
| Debian | 13 | all | firefox-esr | < 102.5.0esr-1 | firefox-esr_102.5.0esr-1_all.deb |
| Debian | 12 | all | thunderbird | < 1:102.5.0-1 | thunderbird_1:102.5.0-1_all.deb |
| Debian | 11 | all | thunderbird | < 1:102.5.0-1~deb11u1 | thunderbird_1:102.5.0-1~deb11u1_all.deb |
| Debian | 999 | all | thunderbird | < 1:102.5.0-1 | thunderbird_1:102.5.0-1_all.deb |
| Debian | 13 | all | thunderbird | < 1:102.5.0-1 | thunderbird_1:102.5.0-1_all.deb |
Related
prion
prion
Design/Logic Flaw
2022-12-22 20:15:00
ubuntucve
ubuntucve
CVE-2022-45412
2022-11-16 00:00:00
cvelist
cvelist
CVE-2022-45412
2022-12-22 00:00:00
cve
cve
CVE-2022-45412
2022-12-22 20:15:43
veracode
veracode
Symlink Attacks
2022-11-19 18:49:56
cnvd
cnvd
Mozilla Firefox backlink vulnerability
2022-11-21 00:00:00
nvd
nvd
CVE-2022-45412
2022-12-22 20:15:43
alpinelinux
alpinelinux
CVE-2022-45412
2022-12-22 20:15:43
redhatcve
redhatcve
CVE-2022-45412
2022-11-16 11:26:28
ibm
ibm
nessus
nessus
Debian DLA-3196-1 : thunderbird - LTS security update
2022-11-18 00:00:00
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2022-320-02)
2022-11-17 00:00:00
Oracle Linux 7 : firefox (ELSA-2022-8552)
2022-11-21 00:00:00
slackware
slackware
[slackware-security] mozilla-thunderbird
2022-11-17 02:00:24
[slackware-security] mozilla-firefox
2022-11-17 02:00:08
rocky
rocky
firefox security update
2023-01-30 05:25:59
firefox security update
2022-11-21 12:37:04
thunderbird security update
2022-11-21 11:16:30
osv
osv
thunderbird - security update
2022-11-17 00:00:00
Important: thunderbird security update
2022-11-21 11:16:30
Important: firefox security update
2022-11-21 12:37:04
almalinux
almalinux
Important: firefox security update
2022-11-22 00:00:00
Important: firefox security update
2022-11-21 00:00:00
Important: thunderbird security update
2022-11-21 00:00:00
gentoo
gentoo
Mozilla Thunderbird: Multiple Vulnerabilities
2022-11-22 00:00:00
Mozilla Firefox: Multiple Vulnerabilities
2022-11-22 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3196-1)
2022-11-18 00:00:00
Slackware: Security Advisory (SSA:2022-320-02)
2022-11-17 00:00:00
Mageia: Security Advisory (MGASA-2022-0428)
2022-11-18 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2022-11-22 00:00:00
thunderbird security update
2022-11-24 00:00:00
thunderbird security update
2022-11-22 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package thunderbird version 102.5.0-alt1
2022-11-24 00:00:00
Security fix for the ALT Linux 10 package firefox-esr version 102.5.0-alt1
2022-11-16 00:00:00
kaspersky
kaspersky
KLA20050 Multiple vulnerabilities in Mozilla Firefox ESR
2022-11-15 00:00:00
KLA20051 Multiple vulnerabilities in Mozilla Thunderbird
2022-11-15 00:00:00
KLA20049 Multiple vulnerabilities in Mozilla Firefox
2022-11-15 00:00:00
redhat
redhat
(RHSA-2022:8580) Important: firefox security update
2022-11-22 13:22:40
(RHSA-2022:8556) Important: thunderbird security update
2022-11-21 12:44:42
(RHSA-2022:8547) Important: thunderbird security update
2022-11-21 11:16:30
debian
debian
[SECURITY] [DLA 3199-1] firefox-esr security update
2022-11-17 19:18:41
[SECURITY] [DLA 3196-1] thunderbird security update
2022-11-17 11:54:17
[SECURITY] [DSA 5284-1] thunderbird security update
2022-11-17 19:02:16
centos
centos
thunderbird security update
2022-11-30 22:59:37
firefox security update
2022-11-30 22:58:26
mozilla
mozilla
Security Vulnerabilities fixed in Thunderbird 102.5 — Mozilla
2022-11-15 00:00:00
Security Vulnerabilities fixed in Firefox ESR 102.5 — Mozilla
2022-11-15 00:00:00
Security Vulnerabilities fixed in Firefox 107 — Mozilla
2022-11-15 00:00:00
mageia
mageia
Updated thunderbird packages fix security vulnerability
2022-11-17 23:45:15
Updated firefox packages fix security vulnerability
2022-11-17 23:45:15
ubuntu
ubuntu
Firefox vulnerabilities
2022-11-16 00:00:00
Thunderbird vulnerabilities
2023-02-06 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-5.0-0035
2023-06-22 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
59.3%
Related for DEBIANCVE:CVE-2022-45412