CVE-2022-46880 — Use After Free in Mozilla Firefox

CWE-416 — Use After Free11 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 60.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedDec 22

Latest updateFeb 6

Description

A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages8 packages

▶CVEListV5mozilla/firefoxunspecified — 105

▶NVDmozilla/firefox< 105.0

▶CVEListV5mozilla/firefox_esrunspecified — 102.6

▶NVDmozilla/firefox_esr< 102.6

▶CVEListV5mozilla/thunderbirdunspecified — 102.6

🔴Vulnerability Details

OSV

thunderbird vulnerabilities↗2023-02-06

▶

OSV

CVE-2022-46880: A missing check related to tex units could have led to a use-after-free and potentially exploitable crash↗2022-12-22

▶

GHSA

GHSA-j5r5-jmr3-48c5: A missing check related to tex units could have led to a use-after-free and potentially exploitable crash↗2022-12-22

▶

CVEList

CVE-2022-46880: A missing check related to tex units could have led to a use-after-free and potentially exploitable crash↗2022-12-22

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2023-02-06

▶

Red Hat

Mozilla: Use-after-free in WebGL↗2022-12-13

▶

Debian

CVE-2022-46880: firefox - A missing check related to tex units could have led to a use-after-free and pote...↗2022

▶

Mozilla

Mozilla Foundation Security Advisory 2022-52: CVE-2022-46880↗

▶

Mozilla

Mozilla Foundation Security Advisory 2022-40: CVE-2022-46880↗

▶