CVE-2022-46881
8.8
HIGH
CVSS 3.1
EPSS 0.25%
Description
An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Thunderbird < 102.6.
How to fix CVE-2022-46881
To remediate CVE-2022-46881, upgrade the affected package to a fixed version below.
- Upgrade to 102.6.0esr-1~deb11u1 or later
- Upgrade to 1:102.6.0-1~deb11u1 or later
Is CVE-2022-46881 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 102.6.0esr-1~deb11u1
- from 0, < 1:102.6.0-1~deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |