Search for vulnerabilities
Vulnerability details: VCID-qw1t-zwmk-aaaf
Vulnerability ID VCID-qw1t-zwmk-aaaf
Aliases CVE-2022-46880
Summary A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46880.json
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2022-46880
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46880
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-46880
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-40
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-52
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-53
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46880.json
https://api.first.org/data/v1/epss?cve=CVE-2022-46880
https://bugzilla.mozilla.org/show_bug.cgi?id=1749292
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46882
https://security.gentoo.org/glsa/202305-06
https://security.gentoo.org/glsa/202305-13
https://www.mozilla.org/security/advisories/mfsa2022-40/
https://www.mozilla.org/security/advisories/mfsa2022-52/
https://www.mozilla.org/security/advisories/mfsa2022-53/
2153463 https://bugzilla.redhat.com/show_bug.cgi?id=2153463
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2022-46880 https://nvd.nist.gov/vuln/detail/CVE-2022-46880
mfsa2022-40 https://www.mozilla.org/en-US/security/advisories/mfsa2022-40
mfsa2022-52 https://www.mozilla.org/en-US/security/advisories/mfsa2022-52
mfsa2022-53 https://www.mozilla.org/en-US/security/advisories/mfsa2022-53
RHSA-2022:9065 https://access.redhat.com/errata/RHSA-2022:9065
RHSA-2022:9066 https://access.redhat.com/errata/RHSA-2022:9066
RHSA-2022:9067 https://access.redhat.com/errata/RHSA-2022:9067
RHSA-2022:9068 https://access.redhat.com/errata/RHSA-2022:9068
RHSA-2022:9069 https://access.redhat.com/errata/RHSA-2022:9069
RHSA-2022:9070 https://access.redhat.com/errata/RHSA-2022:9070
RHSA-2022:9071 https://access.redhat.com/errata/RHSA-2022:9071
RHSA-2022:9072 https://access.redhat.com/errata/RHSA-2022:9072
RHSA-2022:9074 https://access.redhat.com/errata/RHSA-2022:9074
RHSA-2022:9075 https://access.redhat.com/errata/RHSA-2022:9075
RHSA-2022:9076 https://access.redhat.com/errata/RHSA-2022:9076
RHSA-2022:9077 https://access.redhat.com/errata/RHSA-2022:9077
RHSA-2022:9078 https://access.redhat.com/errata/RHSA-2022:9078
RHSA-2022:9079 https://access.redhat.com/errata/RHSA-2022:9079
RHSA-2022:9080 https://access.redhat.com/errata/RHSA-2022:9080
RHSA-2022:9081 https://access.redhat.com/errata/RHSA-2022:9081
USN-5824-1 https://usn.ubuntu.com/5824-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46880.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-46880
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-46880
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.30364
EPSS Score 0.00138
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.