8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
39.2%
A potential use-after-free vulnerability existed in SVG Images if the
Refresh Driver was destroyed at an inopportune time. This could have lead
to memory corruption or a potentially exploitable crash. Note: This
advisory was added on December 13th, 2022 after discovering it was
inadvertently left out of the original advisory. The fix was included in
the original release of Firefox 106. This vulnerability affects Firefox <
106.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | mozjs102 | < any | UNKNOWN |
ubuntu | 23.10 | noarch | mozjs102 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | mozjs102 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | mozjs38 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | mozjs52 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | mozjs52 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | mozjs68 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs78 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs91 | < any | UNKNOWN |
bugzilla.mozilla.org/show_bug.cgi?id=1786818
launchpad.net/bugs/cve/CVE-2022-46884
nvd.nist.gov/vuln/detail/CVE-2022-46884
security-tracker.debian.org/tracker/CVE-2022-46884
www.cve.org/CVERecord?id=CVE-2022-46884
www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-46884
www.mozilla.org/security/advisories/mfsa2022-44/