Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2022-40961

Public on 2022-09-26
Modified on 2024-02-07
Description

A stack based buffer overflow vulnerability was identified in Mozilla Firefox and Firefox ESR. This vulnerability occurs when the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). An attacker could cause of denial-of-service style crash by exploiting this vulnerability. To exploit this vulnerability, a remote, unauthenticated attacker would need to convince a user to visit a specially crafted website or open a malicious document.

Severity
Medium
See what this means
CVSS v3 Base Score
6.1
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 - Firefox Extra firefox 2023-08-21 21:01 ALAS2FIREFOX-2023-010
Amazon Linux 2 - Core thunderbird 2023-02-17 00:11 ALAS2-2023-1951

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
NVD CVSSv3 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Red Hat: CVE-2022-40961 Mitre: CVE-2022-40961 FAQs regarding Amazon Linux ALAS/CVE Severity