CVE-2022-46880

A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:31

Type Values Removed Values Added
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1749292 - Issue Tracking, Permissions Required () https://bugzilla.mozilla.org/show_bug.cgi?id=1749292 - Issue Tracking, Permissions Required
References () https://security.gentoo.org/glsa/202305-06 - () https://security.gentoo.org/glsa/202305-06 -
References () https://security.gentoo.org/glsa/202305-13 - () https://security.gentoo.org/glsa/202305-13 -
References () https://www.mozilla.org/security/advisories/mfsa2022-40/ - Vendor Advisory () https://www.mozilla.org/security/advisories/mfsa2022-40/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2022-52/ - Vendor Advisory () https://www.mozilla.org/security/advisories/mfsa2022-52/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2022-53/ - Vendor Advisory () https://www.mozilla.org/security/advisories/mfsa2022-53/ - Vendor Advisory

03 May 2023, 12:16

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202305-13 -

03 May 2023, 11:15

Type Values Removed Values Added
CWE CWE-416
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CPE cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
References
  • (GENTOO) https://security.gentoo.org/glsa/202305-06 -
References (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1749292 - (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1749292 - Issue Tracking, Permissions Required
References (MISC) https://www.mozilla.org/security/advisories/mfsa2022-53/ - (MISC) https://www.mozilla.org/security/advisories/mfsa2022-53/ - Vendor Advisory
References (MISC) https://www.mozilla.org/security/advisories/mfsa2022-40/ - (MISC) https://www.mozilla.org/security/advisories/mfsa2022-40/ - Vendor Advisory
References (MISC) https://www.mozilla.org/security/advisories/mfsa2022-52/ - (MISC) https://www.mozilla.org/security/advisories/mfsa2022-52/ - Vendor Advisory

22 Dec 2022, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-12-22 20:15

Updated : 2024-11-21 07:31


NVD link : CVE-2022-46880

Mitre link : CVE-2022-46880

CVE.ORG link : CVE-2022-46880


JSON object : View

Products Affected

mozilla

  • firefox_esr
  • firefox
  • thunderbird
CWE
CWE-416

Use After Free