CVE-2022-38476

Summary

A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability affects Firefox ESR < 102.2 and Thunderbird < 102.2.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 102.2affected
MozillaThunderbirdunspecified < 102.2affected

Weaknesses

  • Data race and potential use-after-free in PK11_ChangePW

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References