Wiz
Vulnerability DatabaseCVE-2022-29918

CVE-2022-29918
NixOS vulnerability analysis and mitigation

Overview

CVE-2022-29918 is a high-severity memory safety vulnerability discovered in Firefox 99. The vulnerability was reported by Mozilla developers Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team, and was subsequently fixed in Firefox 100. The issue was publicly disclosed on May 3, 2022, as part of Mozilla Foundation Security Advisory 2022-16 (Mozilla Advisory).

Technical details

The vulnerability involves memory safety bugs that showed evidence of memory corruption in Firefox 99. The issue received a CVSS 3.1 base score of 8.8 (High), with attack vector being network-based, low attack complexity, requiring no privileges but user interaction, and having high impact on confidentiality, integrity, and availability (Ubuntu CVE).

Impact

The memory safety bugs demonstrated evidence of memory corruption which could potentially be exploited to execute arbitrary code on affected systems. Security researchers indicated that with sufficient effort, these vulnerabilities could be weaponized to compromise affected Firefox installations (Mozilla Advisory).

Mitigation and workarounds

The vulnerability was addressed in Firefox 100. Users of affected versions were advised to update their Firefox installations to version 100 or later. The fix was also deployed to various Linux distributions including Ubuntu 21.10, 20.04 LTS, and 18.04 LTS through their respective package updates (Ubuntu Security).

Additional resources

SourceThis report was generated using AI

Related NixOS vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-12819HIGH8.1
  • NixOSNixOS
  • pgbouncer
NoYesDec 03, 2025
CVE-2025-20777MEDIUM6.7
  • NixOSNixOS
  • android
NoNoDec 02, 2025
CVE-2025-65105MEDIUM5.3
  • NixOSNixOS
  • apptainer
NoYesDec 02, 2025
CVE-2025-20789MEDIUM4.4
  • NixOSNixOS
  • android
NoNoDec 02, 2025
CVE-2025-20788MEDIUM4.4
  • NixOSNixOS
  • android
NoNoDec 02, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo