Search for vulnerabilities
Vulnerability details: VCID-4rkh-c3v8-aaas
Vulnerability ID VCID-4rkh-c3v8-aaas
Aliases CVE-2022-31747
Summary Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-125 Out-of-bounds Read
CWE-787 Out-of-bounds Write
CWE-416 Use After Free
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2022:4870
rhas Important https://access.redhat.com/errata/RHSA-2022:4871
rhas Important https://access.redhat.com/errata/RHSA-2022:4872
rhas Important https://access.redhat.com/errata/RHSA-2022:4873
rhas Important https://access.redhat.com/errata/RHSA-2022:4875
rhas Important https://access.redhat.com/errata/RHSA-2022:4876
rhas Important https://access.redhat.com/errata/RHSA-2022:4887
rhas Important https://access.redhat.com/errata/RHSA-2022:4888
rhas Important https://access.redhat.com/errata/RHSA-2022:4889
rhas Important https://access.redhat.com/errata/RHSA-2022:4890
rhas Important https://access.redhat.com/errata/RHSA-2022:4891
rhas Important https://access.redhat.com/errata/RHSA-2022:4892
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31747.json
epss 0.00180 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00180 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00180 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00180 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00180 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00180 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00180 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00180 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00180 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00180 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00180 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00180 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00200 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00200 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00200 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00200 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
epss 0.01221 https://api.first.org/data/v1/epss?cve=CVE-2022-31747
cvssv3.1 9.8 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1760765%2C1765610%2C1766283%2C1767365%2C1768559%2C1768734
ssvc Track https://bugzilla.mozilla.org/buglist.cgi?bug_id=1760765%2C1765610%2C1766283%2C1767365%2C1768559%2C1768734
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=2092026
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31747
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31747
archlinux High https://security.archlinux.org/AVG-2760
archlinux High https://security.archlinux.org/AVG-2761
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-20
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-21
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-22
cvssv3.1 9.8 https://www.mozilla.org/security/advisories/mfsa2022-20/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2022-20/
cvssv3.1 9.8 https://www.mozilla.org/security/advisories/mfsa2022-21/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2022-21/
cvssv3.1 9.8 https://www.mozilla.org/security/advisories/mfsa2022-22/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2022-22/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31747.json
https://api.first.org/data/v1/epss?cve=CVE-2022-31747
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1760765%2C1765610%2C1766283%2C1767365%2C1768559%2C1768734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://www.mozilla.org/security/advisories/mfsa2022-20/
https://www.mozilla.org/security/advisories/mfsa2022-21/
https://www.mozilla.org/security/advisories/mfsa2022-22/
2092026 https://bugzilla.redhat.com/show_bug.cgi?id=2092026
AVG-2760 https://security.archlinux.org/AVG-2760
AVG-2761 https://security.archlinux.org/AVG-2761
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2022-31747 https://nvd.nist.gov/vuln/detail/CVE-2022-31747
mfsa2022-20 https://www.mozilla.org/en-US/security/advisories/mfsa2022-20
mfsa2022-21 https://www.mozilla.org/en-US/security/advisories/mfsa2022-21
mfsa2022-22 https://www.mozilla.org/en-US/security/advisories/mfsa2022-22
RHSA-2022:4870 https://access.redhat.com/errata/RHSA-2022:4870
RHSA-2022:4871 https://access.redhat.com/errata/RHSA-2022:4871
RHSA-2022:4872 https://access.redhat.com/errata/RHSA-2022:4872
RHSA-2022:4873 https://access.redhat.com/errata/RHSA-2022:4873
RHSA-2022:4875 https://access.redhat.com/errata/RHSA-2022:4875
RHSA-2022:4876 https://access.redhat.com/errata/RHSA-2022:4876
RHSA-2022:4887 https://access.redhat.com/errata/RHSA-2022:4887
RHSA-2022:4888 https://access.redhat.com/errata/RHSA-2022:4888
RHSA-2022:4889 https://access.redhat.com/errata/RHSA-2022:4889
RHSA-2022:4890 https://access.redhat.com/errata/RHSA-2022:4890
RHSA-2022:4891 https://access.redhat.com/errata/RHSA-2022:4891
RHSA-2022:4892 https://access.redhat.com/errata/RHSA-2022:4892
USN-5475-1 https://usn.ubuntu.com/5475-1/
USN-5512-1 https://usn.ubuntu.com/5512-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31747.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1760765%2C1765610%2C1766283%2C1767365%2C1768559%2C1768734
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T18:22:36Z/ Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1760765%2C1765610%2C1766283%2C1767365%2C1768559%2C1768734
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-31747
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-31747
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2022-20/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T18:22:36Z/ Found at https://www.mozilla.org/security/advisories/mfsa2022-20/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2022-21/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T18:22:36Z/ Found at https://www.mozilla.org/security/advisories/mfsa2022-21/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2022-22/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-15T18:22:36Z/ Found at https://www.mozilla.org/security/advisories/mfsa2022-22/
Exploit Prediction Scoring System (EPSS)
Percentile 0.55873
EPSS Score 0.00180
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.