Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-40960


Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.


Published

2022-12-22T20:15:39.513

Last Modified

2025-04-15T15:15:59.423

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-416
  • Type: Secondary
    CWE-416

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application mozilla firefox < 105.0 Yes
Application mozilla firefox_esr < 102.3 Yes
Application mozilla thunderbird < 102.3 Yes

References