CVE-2022-46880
6.5
MEDIUM
CVSS 3.1
EPSS 0.21%
Description
A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.
*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6.
How to fix CVE-2022-46880
To remediate CVE-2022-46880, upgrade the affected package to a fixed version below.
- upgrade to 102.6.0esr-1~deb11u1 or later
- upgrade to 1:102.6.0-1~deb11u1 or later
Is CVE-2022-46880 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 102.6.0esr-1~deb11u1
- from 0, < 1:102.6.0-1~deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |