1. Home
  2. Vulnerabilities
  3. CVE-2022-38476

CVE-2022-38476

CVSS v3.1 7.5 (High)
75% Progress
EPSS 0.20 % (59th)
0.20% Progress
Affected Products 2
Advisories 29
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability affects Firefox ESR < 102.2 and Thunderbird < 102.2.

Weaknesses
CWE-416
Use After Free
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2022-12-22 20:15:37
(21 months ago)
Updated Date
2023-01-03 20:51:36
(20 months ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox Esr prior 102.2 version cpe:2.3:a:mozilla:firefox_esr < 102.2
  Mozilla Thunderbird prior 102.2 version cpe:2.3:a:mozilla:thunderbird < 102.2