CVE-2022-38476 Data races in the code>PK11_ChangePW/code> function could lead to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password.

It has been assigned the CVE identifier CVE-2017-5208, and a full description of the vulnerability can be found here. Workarounds There are no known workarounds at this time. Update The latest stable release, ESR v102.3, was released on June 21st, 2018.

CVE References Vulnerability details https://www10.softwareadvisory.com/sites/default/files/advanced_downloads/Firefox_ESR102.3_Windows_32.msi.html https://www.tenable.com/plugins/newsletters/form/2502 https://www.tenable.com/plugins/newsletters/form/2504 https://www.tenable.com/plugins/newsletters/form/2505 https://www.tenable.com/plugins/newsletters/form/2506 https://www.tenable.com/plugins/newsletters/form/2507 https://www.tenable.com/plugins/newsletters/form/2508

Firefox Security Updates by Adobe

Firefox was the victim of an attack that exploited a vulnerability in Adobe Flash.

Firefox ESR  102.3

Firefox ESR (Extended Support Release) Firefox Extended Support Release is a version of Mozilla Firefox that offers extended support, typically for 1 year or 3 years. It's an opt-in program where users select the level of support they want to receive and are notified when updates are available.

Timeline

Published on: 12/22/2022 20:15:00 UTC
Last modified on: 01/03/2023 20:51:00 UTC

References

• https://bugzilla.mozilla.org/show_bug.cgi?id=1760998
• https://www.mozilla.org/security/advisories/mfsa2022-34/
• https://www.mozilla.org/security/advisories/mfsa2022-36/
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38476