CVE-2022-26486: An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild…

critical9.6CVSS 3.1

AVNACLPRNUIRSCCHIHAH

KEVITW

CISA Known Exploited Vulnerabilitydue 2022-03-21

Exploited in the wild

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.

Affected

20 ranges

Vendor	Product	Version range	Fixed in
debian	firefox	< firefox 99.0-1 (sid)	firefox 99.0-1 (sid)
debian	firefox-esr	< firefox 99.0-1 (sid)	firefox 99.0-1 (sid)
debian	thunderbird	< firefox 99.0-1 (sid)	firefox 99.0-1 (sid)
mozilla	firefox	< 91.6.1	91.6.1
mozilla	firefox	< 97.0.2	97.0.2
mozilla	firefox	< 97.3.0	97.3.0
mozilla	firefox	—	—
mozilla	firefox	>= 0 < 97.0.2+build1-0ubuntu0.18.04.1	97.0.2+build1-0ubuntu0.18.04.1
mozilla	firefox	>= 0 < 97.0.2+build1-0ubuntu0.20.04.1	97.0.2+build1-0ubuntu0.20.04.1
mozilla	firefox	>= unspecified < 97.0.2	97.0.2
mozilla	firefox_esr	>= unspecified < 91.6.1	91.6.1
mozilla	firefox_focus	< 97.3.0	97.3.0
mozilla	firefox_for_android	>= unspecified < 97.3.0	97.3.0
mozilla	focus	>= unspecified < 97.3.0	97.3.0
mozilla	thunderbird	< 91.6.2	91.6.2
mozilla	thunderbird	>= 0 < 1:91.6.2-1~deb11u1	1:91.6.2-1~deb11u1
mozilla	thunderbird	>= 0 < 1:91.6.2-1	1:91.6.2-1
mozilla	thunderbird	>= 0 < 1:91.6.2-1	1:91.6.2-1
mozilla	thunderbird	>= 0 < 1:91.6.2-1	1:91.6.2-1
mozilla	thunderbird	>= unspecified < 91.6.2	91.6.2

CVSS provenance

nvdv3.19.6CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

osv9.6CRITICAL

vulncheck9.6CRITICAL

cisa9.6CRITICAL