CVE-2022-46881

{"id": "CVE-2022-46881", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-12-22T20:15:47.547", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1770930", "tags": ["Issue Tracking", "Permissions Required"], "source": "security@mozilla.org"}, {"url": "https://security.gentoo.org/glsa/202305-06", "source": "security@mozilla.org"}, {"url": "https://security.gentoo.org/glsa/202305-13", "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-44/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-52/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-53/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1770930", "tags": ["Issue Tracking", "Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/202305-06", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/202305-13", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-44/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-52/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-53/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash.\n*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Thunderbird < 102.6."}, {"lang": "es", "value": "Una optimizaci\u00f3n en WebGL era incorrecta en algunos casos, y podr\u00eda haber provocado da\u00f1os en la memoria y un bloqueo potencialmente explotable. *Nota*: Este aviso se agreg\u00f3 el 13 de diciembre de 2022 despu\u00e9s de que entendi\u00e9ramos mejor el impacto del problema. La correcci\u00f3n se incluy\u00f3 en la versi\u00f3n original de Firefox 106. Esta vulnerabilidad afecta a Firefox &lt; 106, Firefox ESR &lt; 102.6 y Thunderbird &lt; 102.6."}], "lastModified": "2024-11-21T07:31:14.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "181587B4-3F8B-4B6F-8791-0323506EC07F", "versionEndExcluding": "106.0"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2521C8C-7745-4B25-9B20-6C3AFC1D7AF7", "versionEndExcluding": "102.6"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "895D09F3-D06C-42F6-9937-A6DDCE741FED", "versionEndExcluding": "102.6"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}