Описание
After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
The Mozilla Foundation Security Advisory describes this flaw as: After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | firefox | Out of support scope | ||
| Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2022:0124 | 12.01.2022 |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2022:0127 | 12.01.2022 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2022:0129 | 12.01.2022 |
| Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2022:0130 | 12.01.2022 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | firefox | Fixed | RHSA-2022:0125 | 12.01.2022 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | thunderbird | Fixed | RHSA-2022:0131 | 12.01.2022 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | thunderbird | Fixed | RHSA-2022:0123 | 12.01.2022 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | firefox | Fixed | RHSA-2022:0132 | 12.01.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS3
Связанные уязвимости
After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
After accepting an untrusted certificate, handling an empty pkcs7 sequ ...
After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с неправильной проверкой ввода пустой последовательности pkcs7, передаваемой как часть данных сертификата, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании» (DoS)
EPSS
4.3 Medium
CVSS3