Vulnerability CVE-2022-46880: Information

Description

A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-46880

Published: Dec. 22, 2022

Modified: May 3, 2023

Error type identifier: CWE-416

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
firefox	sisyphus	105.0-alt1	126.0.1-alt1	ALT-PU-2022-2653-1	307177	Fixed
firefox	p10	105.0.1-alt0.p10.1	118.0.2-alt0.p10.1	ALT-PU-2022-2930-1	307737	Fixed
firefox	p9	105.0.1-alt0.c9.1	105.0.1-alt0.c9.1	ALT-PU-2023-4339-1	319683	Fixed
firefox	c10f1	105.0.1-alt0.p10.1	112.0.2-alt0.p10.1	ALT-PU-2022-2930-1	307737	Fixed
firefox	c9f2	105.0.1-alt0.c9.1	105.0.1-alt0.c9.1	ALT-PU-2023-1139-1	309126	Fixed
firefox	p11	105.0-alt1	126.0.1-alt1	ALT-PU-2022-2653-1	307177	Fixed
firefox-esr	sisyphus	102.6.0-alt1	115.11.0-alt1	ALT-PU-2022-3341-1	311756	Fixed
firefox-esr	p10	102.6.0-alt1	115.11.0-alt1	ALT-PU-2022-3401-1	311776	Fixed
firefox-esr	p9	102.6.0-alt0.c9.1	102.11.0-alt0.c9.1	ALT-PU-2023-4336-1	319683	Fixed
firefox-esr	c10f1	115.8.0-alt0.c10.1	115.9.1-alt0.c10.1	ALT-PU-2024-3614-2	340631	Fixed
firefox-esr	c9f2	102.6.0-alt0.c9.1	102.12.0-alt0.c9.1	ALT-PU-2023-1138-1	309126	Fixed
firefox-esr	p11	102.6.0-alt1	115.11.0-alt1	ALT-PU-2022-3341-1	311756	Fixed
thunderbird	sisyphus	102.6.0-alt1	115.9.0-alt1	ALT-PU-2022-3354-1	311856	Fixed
thunderbird	p10	102.6.0-alt1	115.9.0-alt1	ALT-PU-2022-3407-1	311857	Fixed
thunderbird	p9	102.7.1-alt1	102.11.0-alt0.c9.1	ALT-PU-2023-4335-1	319683	Fixed
thunderbird	c10f1	102.6.0-alt1	115.9.0-alt0.c10.1	ALT-PU-2022-3407-1	311857	Fixed
thunderbird	c9f2	102.6.1-alt1	102.11.0-alt0.c9.1	ALT-PU-2023-1137-1	309126	Fixed
thunderbird	p11	102.6.0-alt1	115.9.0-alt1	ALT-PU-2022-3354-1	311856	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.mozilla.org/security/advisories/mfsa2022-53/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-52/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-40/	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1749292	Issue Tracking Permissions Required
GLSA-202305-06
GLSA-202305-13

Affected configurations:
1. Configuration 1
  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  End excliding
  105.0
  cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
  End excliding
  102.6
  cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
  End excliding
  102.6

Version: v24.5.3

Vulnerability CVE-2022-46880: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1