Vulnerability Details : CVE-2022-31747
Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Vulnerability category: Memory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2022-31747
Probability of exploitation activity in the next 30 days: 0.14%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 49 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-31747
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
References for CVE-2022-31747
-
https://www.mozilla.org/security/advisories/mfsa2022-21/
Security Vulnerabilities fixed in Firefox ESR 91.10 — MozillaVendor Advisory
-
https://www.mozilla.org/security/advisories/mfsa2022-20/
Security Vulnerabilities fixed in Firefox 101 — MozillaVendor Advisory
-
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1760765%2C1765610%2C1766283%2C1767365%2C1768559%2C1768734
Bug ListIssue Tracking;Vendor Advisory
-
https://www.mozilla.org/security/advisories/mfsa2022-22/
Security Vulnerabilities fixed in Thunderbird 91.10 — MozillaVendor Advisory
Products affected by CVE-2022-31747
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*