CVE-2022-38476 Information

Description

A data race could occur in the PK11_ChangePW function potentially leading to a use-after-free vulnerability. In Firefox this lock protected the data when a user changed their master password. This vulnerability affects Firefox ESR < 102.2 and Thunderbird < 102.2.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1760998 https://www.mozilla.org/security/advisories/mfsa2022-34/ https://www.mozilla.org/security/advisories/mfsa2022-36/