CVE-2022-45409

Summary

The garbage collector could have been aborted in several states and zones and <code>GCRuntime::finishCollection</code> may not have been called, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 102.5affected
MozillaThunderbirdunspecified < 102.5affected
MozillaFirefoxunspecified < 107affected

Weaknesses

  • Use-after-free in Garbage Collection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References