Vulnerabilities > CVE-2022-28282 - Use After Free vulnerability in Mozilla Firefox ESR

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
mozilla
CWE-416
NVD
Published: 2022-12-22
Updated: 2022-12-30

Summary

By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.

Vulnerable Configurations

Part Description Count
Application
Mozilla
1397

Common Weakness Enumeration (CWE)

References