Headline
CVE-2022-0511: Bug List
Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97.
| ID | Summary | Product | Component | Assignee | Status | Resolution | Updated |
|---|---|---|---|---|---|---|---|
| 1749831 | Crash in [@ mozilla::dom::PContentParent::OtherPid] | Core | IPC | kershaw | RESO | FIXE | 2022-08-27 |
| 1747128 | Missing locks in DoH code | Core | Networking: DNS | rjesup | RESO | FIXE | 2022-08-27 |
| 1747137 | Missing lock in nsHostResolver | Core | Networking: DNS | rjesup | RESO | FIXE | 2022-08-27 |
| 1747870 | 11-bit field of wasm stack map is not large enough on x86 | Core | JavaScript: WebAssem | lhansen | RESO | FIXE | 2022-08-27 |
| 1746323 | Missing lock in PromiseWorkerProxy::Create() | Core | DOM: Workers | rjesup | RESO | FIXE | 2022-08-27 |
| 1746875 | Clean up memory reporting locking in netwerk/cache2 | Core | Networking: Cache | rjesup | RESO | FIXE | 2022-08-27 |
| 1747331 | Lock cleanup in BackgroundFileSaver | Core | Networking: File | rjesup | RESO | FIXE | 2022-08-27 |
| 1747439 | Fix a bunch of locking/race issues in cache2 | Core | Networking: Cache | rjesup | RESO | FIXE | 2022-08-27 |
| 1747457 | Fix a number of missing locks in worker code | Core | DOM: Workers | rjesup | RESO | FIXE | 2022-08-27 |
| 1749274 | Crash in [@ je_malloc \| moz_xmalloc \| xul.dll \| <unknown in ntdll.dll> \| RtlpCallVectoredHandlers \| mozilla::a11y::MsaaAccessible::get_accRole] | Core | Disability Access AP | jteh | RESO | FIXE | 2022-08-27 |
| 1746313 | Clean up mutex use in imgRequest.cpp | Core | Graphics: ImageLib | rjesup | RESO | FIXE | 2022-08-27 |
| 1746314 | Locking issues in ffmpeg support | Core | Audio/Video: Playbac | rjesup | RESO | FIXE | 2022-08-27 |
| 1746316 | Minor locking issue with security/manager DataStorage | Core | Security: PSM | rjesup | RESO | FIXE | 2022-08-27 |
| 1746321 | Missing lock in WebMBufferedState::Reset() | Core | Audio/Video: Playbac | rjesup | RESO | FIXE | 2022-08-27 |
| 1746322 | Missing lock in MediaSourceTrackDemuxer::DoGetSamples() | Core | Audio/Video: Playbac | rjesup | RESO | FIXE | 2022-08-27 |
| 1746412 | Missing locks in several methods in HTML5 Parser | Core | DOM: HTML Parser | rjesup | RESO | FIXE | 2022-08-27 |
| 1746430 | Missing lock in nsUrlClassifierPrefixSet::CalculatePreallocateSize() | Toolkit | Safe Browsing | rjesup | RESO | FIXE | 2022-08-27 |
| 1746451 | Missing lock in PrintAPZInfo() | Core | Panning and Zooming | rjesup | RESO | FIXE | 2022-08-27 |
| 1746488 | Fix a number of missing locks in xpcom InputStream code | Core | XPCOM | rjesup | RESO | FIXE | 2022-08-27 |
| 1746898 | DOM XHR doesn’t lock when generating a memory report | Core | DOM: Networking | rjesup | RESO | FIXE | 2022-08-27 |
| 1746905 | Fix a number of locking issues in dom/media | Core | Audio/Video | rjesup | RESO | FIXE | 2022-08-27 |
| 1746907 | Fix a number of locking issues in GMP support | Core | Audio/Video: GMP | rjesup | RESO | FIXE | 2022-08-27 |
| 1746917 | Clean up locking in MediaTrackGraph | Core | Audio/Video: MediaSt | rjesup | RESO | FIXE | 2022-08-27 |
| 1747346 | Missing an misplaced locks in nsSocketTransport2.cpp | Core | XPCOM | rjesup | RESO | FIXE | 2022-08-27 |
| 1749051 | Missing lock in CompositorBridgeParent::FinishShutdown | Core | Graphics: Layers | rjesup | RESO | FIXE | 2022-08-27 |
| 1743821 | Intermittent SUMMARY: AddressSanitizer: heap-use-after-free /builds/worker/checkouts/gecko/widget/gtk/nsShmImage.cpp:235:7 in nsShmImage::DestroyImage() | Core | Widget: Gtk | stransky | RESO | FIXE | 2022-08-27 |
| 1735448 | Leaking all bookmarks when a user tries to view a malicious bookmark URL from the exported bookmarks HTML file | Firefox | Bookmarks & History | fbraun | VERI | FIXE | 2022-08-27 |
| 1713579 | Assertion failure: Unexpected null or lazy proto in MObjectStaticProto, at jit/VMFunctions.cpp:2805 | Core | JavaScript Engine: J | iireland | VERI | FIXE | 2022-08-27 |