1. Home
  2. CVE Database
  3. CVE-2022-46880
MEDIUM · 6.5

CVE-2022-46880

A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was added on December 13th, 2022 after we better understood the im...

Vulnerability Description

A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
MozillaFirefox< 105.0
MozillaFirefox Esr< 102.6
MozillaThunderbird< 102.6

Related Weaknesses (CWE)

CWE-416

References

FAQ

What is CVE-2022-46880?

CVE-2022-46880 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was added on December 13th, 2022 after we better understood the im...

How severe is CVE-2022-46880?

CVE-2022-46880 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-46880?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Firefox Esr, Mozilla Thunderbird.