CVE-2022-46872: Out-of-bounds Read in Mozilla Firefox

Severity
NVD: 8.6 HIGH
OSV: 8.8
OSV: 6.5
EPSS
0.3%
top 45.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 22
Latest update: Feb 6

Description

An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. *This bug only affects Thunderbird for Linux. Other operating systems are unaffected.* This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 4.0

Affected Packages (9 packages)

CVEListV5 | mozilla/firefox | unspecified | 108
NVD | mozilla/firefox | < 108.0
CVEListV5 | mozilla/firefox_esr | unspecified | 102.6
CVEListV5 | mozilla/thunderbird | unspecified | 102.6
NVD | mozilla/firefox_esr | < 102.6

🔴 Vulnerability Details (6)

OSV | thunderbird vulnerabilities | 2023-02-06
OSV | firefox regressions | 2023-01-05
OSV | CVE-2022-46872: An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages | 2022-12-22
CVEList | CVE-2022-46872: An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages | 2022-12-22
GHSA | GHSA-w696-j5x3-hhvj: An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages | 2022-12-22

📋 Vendor Advisories (8)

Ubuntu | Thunderbird vulnerabilities | 2023-02-06
Ubuntu | Firefox regressions | 2023-01-10
Ubuntu | Firefox vulnerabilities | 2022-12-15
Red Hat | Mozilla: Arbitrary file read from a compromised content process | 2022-12-13
Debian | CVE-2022-46872: firefox - An attacker who compromised a content process could have partially escaped the s... | 2022
CVE-2022-46872 — Out-of-bounds Read in Mozilla Firefox | cvebase