CVE-2022-46884
Last modified
CVE-2022-46884 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have lead to memory corruption or a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. EPSS estimates a 0.41% chance of exploitation in the next 30 days.
Description
A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have lead to memory corruption or a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 106.0 |
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1786818Issue Tracking, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2022-44/Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1786818Issue Tracking, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2022-44/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-46884?
How severe is CVE-2022-46884?
How do I fix CVE-2022-46884?
Are you affected by CVE-2022-46884?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST