CVE-2022-46880

CVSS 6.5 MEDIUMEPSS 0.7%CWE-416

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.5EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

22 Dec 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Mozilla · Firefox Mozilla · Firefox ESR Mozilla · Thunderbird

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1749292 https://security.gentoo.org/glsa/202305-06 https://security.gentoo.org/glsa/202305-13 https://www.mozilla.org/security/advisories/mfsa2022-40/https://www.mozilla.org/security/advisories/mfsa2022-52/https://www.mozilla.org/security/advisories/mfsa2022-53/