CVE-2022-22763 in Thunderbirdinfo

Summary

by MITRE • 12/22/2022

When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 04/29/2026

This vulnerability represents a critical race condition in the JavaScript execution environment of Mozilla's browser applications, specifically affecting versions prior to 96 for Firefox, 91.6 for Thunderbird, and 91.6 for Firefox ESR. The flaw occurs during the worker shutdown process when scripts can execute at inappropriate points in the lifecycle, potentially leading to unexpected behavior and security implications.

The technical nature of this vulnerability stems from improper handling of asynchronous operations within the Web Worker execution context. When a worker is terminated, the normal execution flow should prevent any further script execution that could interfere with cleanup procedures or resource management. However, the race condition allows scripts to continue executing after the worker has ostensibly been shut down, creating a window where malicious code could potentially exploit this timing issue.

This flaw directly relates to CWE-367 which addresses Time-of-Check to Time-of-Use vulnerabilities, where an attacker can manipulate system state between verification and actual use of resources. The vulnerability enables an attacker to execute code at inappropriate times during the worker lifecycle, potentially allowing for privilege escalation or information disclosure attacks. The issue manifests because the shutdown mechanism fails to properly synchronize all pending operations before terminating the execution environment.

The operational impact of this vulnerability is significant as it affects core browser functionality and could be exploited in various attack scenarios. Attackers could potentially inject malicious code that executes during worker cleanup, leading to data corruption, unauthorized access, or system compromise. The vulnerability is particularly concerning because it occurs during normal application behavior when workers are being terminated, making detection difficult.

According to ATT&CK framework, this vulnerability aligns with T1059.007 for Scripting and T1068 for Exploitation for Privilege Escalation. The flaw could enable adversaries to execute arbitrary code in the context of the affected application, potentially leading to full system compromise. The timing aspect makes it particularly dangerous as it can be exploited during normal browser operations without raising immediate suspicion.

Mitigation strategies should focus on updating to patched versions of the affected applications where possible. Organizations should implement strict patch management protocols to ensure all instances of Firefox, Thunderbird, and Firefox ESR are updated to version 96 or later for Firefox, 91.6 or later for Thunderbird, and 91.6 or later for Firefox ESR. Additionally, security monitoring should be enhanced to detect unusual script execution patterns during worker shutdown operations. Network-based detection measures can help identify potential exploitation attempts by monitoring for anomalous behavior in JavaScript execution contexts.

Reservation

01/07/2022

Disclosure

12/22/2022

Moderation

accepted

Entry

2

Relate

show

CPE

ready

EPSS

0.00564

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!