An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HMozilla Firefox
APPMozilla< 91.6.1< 97.0.2< 97.3.0Mozilla Firefox Focus
APPMozilla< 97.3.0Mozilla Thunderbird
APPMozilla< 91.6.2
CISA KEV — szczegółyi
- Dostawcai
- Mozilla ↗
- Produkti
- Firefox
- Data dodania do KEVi
- 7 marca 2022
- Termin remediation (USA)i
- 21 marca 2022(po terminie)
Zastosuj aktualizacje zgodnie z instrukcjami producenta.
▸ Pokaż oryginał (EN)
Apply updates per vendor instructions.
Mozilla Firefox zawiera lukę use-after-free w WebGPU IPC Framework, którą można wykorzystać do wykonania dowolnego kodu.
▸ Pokaż oryginał (EN)
Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution.
Powiązane podatności
Use-after-free w Animation timelines Firefox/Thunderbird — RCE
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...
Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...
Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird ...