WebExtensions are a new type of add-on that allows for more functionality than traditional add-ons, such as the ability to run background scripts. This functionality is provided by Google through the WebExtensions API.

A vulnerability was found in the way that certain types of add-ons interact with the WebExtensions API. This could lead to add-ons unintentionally leaking information, incorrect information being communicated, or potentially exploitable crashes. The most common type of add-on affected by this issue is session history navigations. This vulnerability has been assigned the following CVE identifier: CVE-2018-1285.

Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox  102, Firefox ESR  91.11, Thunderbird  102, and Thunderbird  91.11. It is potentially exploitable, and users who encounter this issue should update as soon as possible.

How Does This Vulnerability Work?

The vulnerability exists in the way that certain types of add-ons interact with the WebExtensions API. The WebExtensions API is part of Google's implementation of the WebExtension standard, which was first introduced in Firefox  57 and Thunderbird  60. The following code snippet demonstrates an example situation where this issue could occur:

    let ext = new WebExtension({
        WebExtensionAPI: window.WebExtensionAPI,
    });
    ext.onInstalled.addListener(function() {
        var sessionHistory = ext.sessionHistory;
        for (var i = 0; i

What is the Firefox Add-on SDK?

The Firefox Add-on SDK is an open source add-on development framework that lets developers create and distribute add-ons without relying on Mozilla's infrastructure. It also provides a way for users to install extensions from outside the Mozilla Marketplace through the use of .xpi files.
Mozilla is aware of this issue and has provided mitigation in Firefox, Thunderbird, and SeaMonkey.

Potential Benefits of Updating

The update contains two main fixes: one is a fix for a use-after-free, and the other is a fix for a crash from a possible use-after-free.
Both of these fixes will prevent certain types of crashes, which is the only reason we recommend updating. For those who want to help with vulnerability research, Firefox would like to know about any crashes that you encounter during the update process so that they can be investigated further.

What happens if a user is vulnerable to this?

This vulnerability could lead to a use-after-free and potentially exploitable crash. If this vulnerability affects a system, it could cause an exploitable crash and possibly lead to remote code execution with no user interaction.

How Does This Affect Firefox Users?

This vulnerability affects Firefox users who have installed the latest version of the WebExtensions API. This vulnerability has been assigned the following CVE identifier: CVE-2018-1285.

Timeline

Published on: 12/22/2022 20:15:00 UTC
Last modified on: 01/04/2023 15:52:00 UTC