CVE-2022-45421 Mozilla developers Andrew McCreight and Gabriele Svelto found memory safety bugs in Thunderbird 102.4.
If you are running any version of these products and have not applied the latest patch, we advise you to do so as soon as possible. A total of eight issues were fixed in version 102.5. We do not know of any active attacks against users of Mozilla products but are keen to hear about these issues if they are exploited.
When upgrading, you may experience difficulties with your email accounts. Usually, you will be able to keep using them but in some cases you may have to set them up again.
Mozilla decided to release a new version of Firefox with this security issue fixed instead of waiting for the next scheduled update. The company released Firefox ESR 60.2 on October 12, 2018 instead.
Mozilla developers reported that an older version of the Adobe Reader PDF reader was included in Firefox as an optional PDF reader. By including this older version, an attacker could exploit this to install malicious plugins that could lead to arbitrary code execution.
Mozilla products are not affected by this issue if you updated to a later version of the product before Adobe released a fix for the issue. Mozilla recommended updating as soon as possible.
Mozilla released Firefox ESR 52.5 on September 19, 2018. This version is no longer receiving updates.
Mozilla released Firefox ESR 52.6 on October 4, 2018. This version is no longer receiving updates.
Mozilla released Firefox ESR 52.7 on
How to stay safe while using Firefox
For those who have not updated to the latest version of Firefox, Mozilla released an update on October 12, 2018. This update patches a security vulnerability that could allow for arbitrary code execution.
Timeline
Published on: 12/22/2022 20:15:00 UTC
Last modified on: 01/04/2023 18:29:00 UTC
References
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1767920%2C1789808%2C1794061
- https://www.mozilla.org/security/advisories/mfsa2022-49/
- https://www.mozilla.org/security/advisories/mfsa2022-48/
- https://www.mozilla.org/security/advisories/mfsa2022-47/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45421