CVE-2022-46883Out-of-bounds Write in Mozilla Firefox

CWE-787Out-of-bounds WriteCWE-88Argument Injection6 documents6 sources
Severity
8.8HIGHNVD
EPSS
0.7%
top 28.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxDebian FirefoxMsrc Azl3 Mozjs 102.15.1-1 ON Azure Linux 3.0
Timeline
PublishedDec 22

Description

Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.*Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 107. Thi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

CVEListV5mozilla/firefoxunspecified107
NVDmozilla/firefox< 107.0
Ubuntumozilla/firefox< 107.0+build2-0ubuntu0.20.04.1
mozillamozilla/firefox
debiandebian/firefox< firefox 107.0-1 (sid)

🔴Vulnerability Details

2
OSV
CVE-2022-46883: Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 1062022-12-22
GHSA
GHSA-rhh8-vf3p-5mx3: Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 1062022-12-22

📋Vendor Advisories

3
Microsoft
Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corru2022-12-13
Debian
CVE-2022-46883: firefox - Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Moz...2022
Mozilla
Mozilla Foundation Security Advisory 2022-47: CVE-2022-46883