A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have lead to memory corruption or a potentially exploitable crash.
*Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106.
References
| Link | Resource |
|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1786818 | Issue Tracking Vendor Advisory |
| https://www.mozilla.org/security/advisories/mfsa2022-44/ | Vendor Advisory |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1786818 | Issue Tracking Vendor Advisory |
| https://www.mozilla.org/security/advisories/mfsa2022-44/ | Vendor Advisory |
Configurations
History
21 Nov 2024, 07:31
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://bugzilla.mozilla.org/show_bug.cgi?id=1786818 - Issue Tracking, Vendor Advisory | |
| References | () https://www.mozilla.org/security/advisories/mfsa2022-44/ - Vendor Advisory |
29 Aug 2023, 15:56
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-416 | |
| References | (MISC) https://www.mozilla.org/security/advisories/mfsa2022-44/ - Vendor Advisory | |
| References | (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1786818 - Issue Tracking, Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| First Time |
Mozilla firefox
Mozilla |
|
| CPE | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
24 Aug 2023, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-08-24 17:15
Updated : 2024-11-21 07:31
NVD link : CVE-2022-46884
Mitre link : CVE-2022-46884
CVE.ORG link : CVE-2022-46884
JSON object : View
Products Affected
mozilla
- firefox
CWE
CWE-416
Use After Free