Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2022-40960

Опубликовано: 22 дек. 2022
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 6.5

Описание

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

РелизСтатусПримечание
bionic

released

105.0+build2-0ubuntu0.18.04.1
devel

not-affected

code not present
esm-infra/focal

DNE

focal

released

105.0+build2-0ubuntu0.20.04.1
jammy

not-affected

code not present
kinetic

not-affected

code not present
lunar

not-affected

code not present
trusty

ignored

end of standard support
upstream

released

105.0
xenial

ignored

end of standard support

Показывать по

РелизСтатусПримечание
bionic

released

1:102.4.2+build2-0ubuntu0.18.04.1
devel

not-affected

1:102.3.0+build1-0ubuntu1
esm-infra/focal

DNE

focal

released

1:102.4.2+build2-0ubuntu0.20.04.1
jammy

released

1:102.4.2+build2-0ubuntu0.22.04.1
kinetic

not-affected

1:102.3.0+build1-0ubuntu1
lunar

not-affected

1:102.3.0+build1-0ubuntu1
trusty

ignored

end of standard support
upstream

released

102.3
xenial

ignored

end of standard support

Показывать по

Ссылки на источники

EPSS

Процентиль: 32%
0.00123
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2022-40960

CVSS3: 7.5
redhat
почти 3 года назад

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

nvd логотип

CVE-2022-40960

CVSS3: 6.5
nvd
больше 2 лет назад

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

debian логотип

CVE-2022-40960

CVSS3: 6.5
debian
больше 2 лет назад

Concurrent use of the URL parser with non-UTF-8 data was not thread-sa ...

github логотип

GHSA-w7vf-mp9x-925q

CVSS3: 6.5
github
больше 2 лет назад

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

fstec логотип

BDU:2022-06252

CVSS3: 7.5
fstec
почти 3 года назад

Уязвимость браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с использованием памяти после ее освобождения, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

EPSS

Процентиль: 32%
0.00123
Низкий

6.5 Medium

CVSS3