Search for vulnerabilities
Vulnerability details: VCID-pzsn-rj7p-aaar
Vulnerability ID VCID-pzsn-rj7p-aaar
Aliases CVE-2022-46878
Summary Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-787 Out-of-bounds Write
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46878.json
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.00493 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.00493 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.00493 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.00493 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.00493 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.00493 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.00493 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.00493 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.00493 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.00493 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.00493 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
epss 0.01491 https://api.first.org/data/v1/epss?cve=CVE-2022-46878
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46878
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46878
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-51
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-52
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-53
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46878.json
https://api.first.org/data/v1/epss?cve=CVE-2022-46878
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1782219%2C1797370%2C1797685%2C1801102%2C1801315%2C1802395
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46882
https://security.gentoo.org/glsa/202305-06
https://security.gentoo.org/glsa/202305-13
https://www.mozilla.org/security/advisories/mfsa2022-51/
https://www.mozilla.org/security/advisories/mfsa2022-52/
https://www.mozilla.org/security/advisories/mfsa2022-53/
2153454 https://bugzilla.redhat.com/show_bug.cgi?id=2153454
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2022-46878 https://nvd.nist.gov/vuln/detail/CVE-2022-46878
mfsa2022-51 https://www.mozilla.org/en-US/security/advisories/mfsa2022-51
mfsa2022-52 https://www.mozilla.org/en-US/security/advisories/mfsa2022-52
mfsa2022-53 https://www.mozilla.org/en-US/security/advisories/mfsa2022-53
RHSA-2022:9065 https://access.redhat.com/errata/RHSA-2022:9065
RHSA-2022:9066 https://access.redhat.com/errata/RHSA-2022:9066
RHSA-2022:9067 https://access.redhat.com/errata/RHSA-2022:9067
RHSA-2022:9068 https://access.redhat.com/errata/RHSA-2022:9068
RHSA-2022:9069 https://access.redhat.com/errata/RHSA-2022:9069
RHSA-2022:9070 https://access.redhat.com/errata/RHSA-2022:9070
RHSA-2022:9071 https://access.redhat.com/errata/RHSA-2022:9071
RHSA-2022:9072 https://access.redhat.com/errata/RHSA-2022:9072
RHSA-2022:9074 https://access.redhat.com/errata/RHSA-2022:9074
RHSA-2022:9075 https://access.redhat.com/errata/RHSA-2022:9075
RHSA-2022:9076 https://access.redhat.com/errata/RHSA-2022:9076
RHSA-2022:9077 https://access.redhat.com/errata/RHSA-2022:9077
RHSA-2022:9078 https://access.redhat.com/errata/RHSA-2022:9078
RHSA-2022:9079 https://access.redhat.com/errata/RHSA-2022:9079
RHSA-2022:9080 https://access.redhat.com/errata/RHSA-2022:9080
RHSA-2022:9081 https://access.redhat.com/errata/RHSA-2022:9081
USN-5782-1 https://usn.ubuntu.com/5782-1/
USN-5824-1 https://usn.ubuntu.com/5824-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46878.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-46878
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-46878
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.52962
EPSS Score 0.0033
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.