Lucene search

Ubuntu.comUB:CVE-2022-46885

HistoryDec 22, 2022 - 12:00 a.m.

CVE-2022-46885

2022-12-2200:00:00

ubuntu.com

mozilla firefox

memory safety bugs

memory corruption

arbitrary code execution

vulnerability

version 106

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

51.5%

JSON

Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing
Team reported memory safety bugs present in Firefox 105. Some of these bugs
showed evidence of memory corruption and we presume that with enough effort
some of these could have been exploited to run arbitrary code. This
vulnerability affects Firefox < 106.

Notes

Author	Note
tyhicks	mozjs contains a copy of the SpiderMonkey JavaScript engine
mdeslaur	starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchfirefox< 106.0.5+build1-0ubuntu0.20.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	firefox	< 106.0.5+build1-0ubuntu0.20.04.1	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2022-46885

nvd.nist.gov/vuln/detail/CVE-2022-46885

security-tracker.debian.org/tracker/CVE-2022-46885

www.cve.org/CVERecord?id=CVE-2022-46885

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

51.5%

JSON

Related for UB:CVE-2022-46885