CVE-2022-46881 — HIGH (8.8)

Q: How severe is CVE-2022-46881?

CVE-2022-46881 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-46881?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Firefox Esr, Mozilla Thunderbird.

Vulnerability Description

An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Thunderbird < 102.6.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	< 106.0
Mozilla	Firefox Esr	< 102.6
Mozilla	Thunderbird	< 102.6

Related Weaknesses (CWE)

CWE-787

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1770930Issue TrackingPermissions Required
https://security.gentoo.org/glsa/202305-06
https://security.gentoo.org/glsa/202305-13
https://www.mozilla.org/security/advisories/mfsa2022-44/Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-52/Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-53/Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1770930Issue TrackingPermissions Required
https://security.gentoo.org/glsa/202305-06
https://security.gentoo.org/glsa/202305-13
https://www.mozilla.org/security/advisories/mfsa2022-44/Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-52/Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-53/Vendor Advisory

FAQ

What is CVE-2022-46881?

CVE-2022-46881 is a vulnerability with a CVSS score of 8.8 (HIGH). An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after we bette...

How severe is CVE-2022-46881?

CVE-2022-46881 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-46881?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Firefox Esr, Mozilla Thunderbird.