Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
2022-12-22T20:15:39.513
2025-04-15T15:15:59.423
Modified
CVSSv3.1: 6.5 (MEDIUM)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | mozilla | firefox | < 105.0 | Yes |
Application | mozilla | firefox_esr | < 102.3 | Yes |
Application | mozilla | thunderbird | < 102.3 | Yes |