From e08a1fa2f085b2da9bfeb9c227eb93dfb08b3bc3 Mon Sep 17 00:00:00 2001 From: Frederik Braun Date: Thu, 22 Sep 2022 09:52:45 +0200 Subject: [PATCH] Fix credit for h264 bug --- announce/2022/mfsa2022-40.yml | 12 ++++++++++-- announce/2022/mfsa2022-41.yml | 12 ++++++++++-- announce/2022/mfsa2022-42.yml | 12 ++++++++++-- 3 files changed, 30 insertions(+), 6 deletions(-) diff --git a/announce/2022/mfsa2022-40.yml b/announce/2022/mfsa2022-40.yml index 5b41d2f..928d525 100644 --- a/announce/2022/mfsa2022-40.yml +++ b/announce/2022/mfsa2022-40.yml @@ -5,6 +5,14 @@ fixed_in: - Firefox 105 title: Security Vulnerabilities fixed in Firefox 105 advisories: + CVE-2022-3266: + title: Out of bounds read when decoding H264 + impact: high + reporter: Willy R. Vasquez at UT Austin + description: | + An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. + bugs: + - url: 1767360 CVE-2022-40959: title: Bypassing FeaturePolicy restrictions on transient pages impact: high 
@@ -58,7 +66,7 @@ advisories: impact: high reporter: Mozilla developers and community description: | - Mozilla developers Nika Layzell, Timothy Nikkel, Jeff Muizelaar, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. + Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. bugs: - - url: 1767360, 1776655, 1777574, 1784835, 1785109, 1786502, 1789440 + - url: 1776655, 1777574, 1784835, 1785109, 1786502, 1789440 desc: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3 diff --git a/announce/2022/mfsa2022-41.yml b/announce/2022/mfsa2022-41.yml index 6306dad..4b1a3d5 100644 --- a/announce/2022/mfsa2022-41.yml +++ b/announce/2022/mfsa2022-41.yml @@ -5,6 +5,14 @@ fixed_in: - Firefox ESR 102.3 title: Security Vulnerabilities fixed in Firefox ESR 102.3 advisories: + CVE-2022-3266: + title: Out of bounds read when decoding H264 + impact: high + reporter: Willy R. Vasquez at UT Austin + description: | + An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. + bugs: + - url: 1767360 CVE-2022-40959: title: Bypassing FeaturePolicy restrictions on transient pages impact: high 
@@ -50,7 +58,7 @@ advisories: impact: high reporter: Mozilla developers and community description: | - Mozilla developers Nika Layzell, Timothy Nikkel, Jeff Muizelaar, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. + Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. bugs: - - url: 1767360, 1776655, 1777574, 1784835, 1785109, 1786502, 1789440 + - url: 1776655, 1777574, 1784835, 1785109, 1786502, 1789440 desc: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3 diff --git a/announce/2022/mfsa2022-42.yml b/announce/2022/mfsa2022-42.yml index 5b0fd18..9e133b5 100644 --- a/announce/2022/mfsa2022-42.yml +++ b/announce/2022/mfsa2022-42.yml @@ -7,6 +7,14 @@ title: Security Vulnerabilities fixed in Thunderbird 102.3 description: | *In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.* advisories: + CVE-2022-3266: + title: Out of bounds read when decoding H264 + impact: high + reporter: Willy R. Vasquez at UT Austin + description: | + An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. + bugs: + - url: 1767360 CVE-2022-40959: title: Bypassing FeaturePolicy restrictions on transient pages impact: high 
@@ -60,7 +68,7 @@ advisories: impact: high reporter: Mozilla developers and community description: | - Mozilla developers Nika Layzell, Timothy Nikkel, Jeff Muizelaar, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. + Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. bugs: - - url: 1767360, 1776655, 1777574, 1784835, 1785109, 1786502, 1789440 + - url: 1776655, 1777574, 1784835, 1785109, 1786502, 1789440 desc: Memory safety bugs fixed in Thunderbird 102.3
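Review bot: In the first hunk of each of mfsa2022-40.yml, mfsa2022-41.yml and mfsa2022-42.yml, the new `CVE-2022-3266` entry spells the bug class "Out of bounds read" in `title` but "out-of-bounds read" in `description`; pick one form so the rendered advisory is consistent. The same eight-line block is pasted into all three files, so any correction has to land in all three at once.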
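Review bot: In the second hunk of each file (the memory-safety rollup), bug 1767360 and the name Jeff Muizelaar are removed together, which is only correct if 1767360 was the one bug in that list he was credited for; the commit message "Fix credit for h264 bug" does not say so. Please confirm that none of the remaining bugs (1776655, 1777574, 1784835, 1785109, 1786502, 1789440) carries his credit, and state the reason for dropping the name in the commit message, since this rewrites an existing credit line.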
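Review bot: In the first hunk of mfsa2022-42.yml, the new `CVE-2022-3266` entry inherits the file-level description saying these flaws in general cannot be exploited through email because scripting is disabled when reading mail. An out-of-bounds read while decoding H264 video is not obviously dependent on scripting, so please confirm the caveat applies to this entry; if it does not, add a sentence to this advisory's own `description` explaining how it affects Thunderbird.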