Search for vulnerabilities
Vulnerability details: VCID-8qan-emhy-aaab
Vulnerability ID VCID-8qan-emhy-aaab
Aliases CVE-2022-46881
Summary An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Thunderbird < 102.6.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-787 Out-of-bounds Write
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46881.json
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00291 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00291 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00291 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00291 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00409 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
epss 0.00624 https://api.first.org/data/v1/epss?cve=CVE-2022-46881
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46881
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46881
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-44
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-52
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-53
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46881.json
https://api.first.org/data/v1/epss?cve=CVE-2022-46881
https://bugzilla.mozilla.org/show_bug.cgi?id=1770930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46882
https://security.gentoo.org/glsa/202305-06
https://security.gentoo.org/glsa/202305-13
https://www.mozilla.org/security/advisories/mfsa2022-44/
https://www.mozilla.org/security/advisories/mfsa2022-52/
https://www.mozilla.org/security/advisories/mfsa2022-53/
2153466 https://bugzilla.redhat.com/show_bug.cgi?id=2153466
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2022-46881 https://nvd.nist.gov/vuln/detail/CVE-2022-46881
mfsa2022-44 https://www.mozilla.org/en-US/security/advisories/mfsa2022-44
mfsa2022-52 https://www.mozilla.org/en-US/security/advisories/mfsa2022-52
mfsa2022-53 https://www.mozilla.org/en-US/security/advisories/mfsa2022-53
RHSA-2022:9065 https://access.redhat.com/errata/RHSA-2022:9065
RHSA-2022:9066 https://access.redhat.com/errata/RHSA-2022:9066
RHSA-2022:9067 https://access.redhat.com/errata/RHSA-2022:9067
RHSA-2022:9068 https://access.redhat.com/errata/RHSA-2022:9068
RHSA-2022:9069 https://access.redhat.com/errata/RHSA-2022:9069
RHSA-2022:9070 https://access.redhat.com/errata/RHSA-2022:9070
RHSA-2022:9071 https://access.redhat.com/errata/RHSA-2022:9071
RHSA-2022:9072 https://access.redhat.com/errata/RHSA-2022:9072
RHSA-2022:9074 https://access.redhat.com/errata/RHSA-2022:9074
RHSA-2022:9075 https://access.redhat.com/errata/RHSA-2022:9075
RHSA-2022:9076 https://access.redhat.com/errata/RHSA-2022:9076
RHSA-2022:9077 https://access.redhat.com/errata/RHSA-2022:9077
RHSA-2022:9078 https://access.redhat.com/errata/RHSA-2022:9078
RHSA-2022:9079 https://access.redhat.com/errata/RHSA-2022:9079
RHSA-2022:9080 https://access.redhat.com/errata/RHSA-2022:9080
RHSA-2022:9081 https://access.redhat.com/errata/RHSA-2022:9081
USN-5824-1 https://usn.ubuntu.com/5824-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46881.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-46881
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-46881
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.37363
EPSS Score 0.00186
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.