Lucene search

Veracode Vulnerability DatabaseVERACODE:43012

HistoryAug 30, 2023 - 9:32 p.m.

Use After Free

2023-08-3021:32:01

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

firefox

use after free

refresh driver

vulnerability

memory corruption

svg image

software

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

39.3%

JSON

Firefox is vulnerable to Use After Free. The vulnerability exists if the Refresh Driver is destroyed at an inopportune time, which allows an attacker to cause an application crash through the memory corruption via malicious SVG image

CPENameOperatorVersion
firefox:sideq81.0-2
firefox:sideq83.0-1
firefox:sideq82.0.3-1
firefox:sideq81.0-2
firefox:sideq83.0-1
firefox:sideq82.0.3-1

Name	Operator	Version
firefox:sid	eq	81.0-2
firefox:sid	eq	83.0-1
firefox:sid	eq	82.0.3-1
firefox:sid	eq	81.0-2
firefox:sid	eq	83.0-1
firefox:sid	eq	82.0.3-1

References

bugzilla.mozilla.org/show_bug.cgi?id=1786818

security-tracker.debian.org/tracker/CVE-2022-46884

www.mozilla.org/security/advisories/mfsa2022-44/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for VERACODE:43012