Severity
High
Analysis Summary
CVE-2022-46882 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free in WebGL. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVE-2022-46881 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption in WebGL. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2022-46880 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free in WebGL. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVE-2022-46879 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2022-46877 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the delaying or suppression of the fullscreen notification. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause user confusion or conduct spoofing attacks.
CVE-2022-46875 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the lack of the executable file warning when downloading .atloc and .ftploc files. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass download protections and run commands on a user’s computer.
CVE-2022-46874 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by the truncation of a filename which removes the valid extension, and leaving a malicious extension in its place. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2022-46873 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by the failure to implement the unsafe-hashes CSP directive. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to inject and execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2022-46872 CVSS:8.1
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a compromised content process. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to escape the sandbox to read arbitrary files via clipboard-related IPC messages.
CVE-2022-46871 CVSS:8.8
Mozilla Firefox could provide weaker than expected security, caused by an out of date library (libusrsctp) that contains multiple vulnerabilities. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to launch further attacks on the system.
Impact
- Denial of Service
- Code Execution
- Gain Access
- Information Disclosure
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2022-46882
- CVE-2022-46881
- CVE-2022-46880
- CVE-2022-46879
- CVE-2022-46877
- CVE-2022-46875
- CVE-2022-46874
- CVE-2022-46873
- CVE-2022-46872
- CVE-2022-46871
Affected Vendors
Mozilla
Affected Products
- Mozilla Thunderbird 102.5
- Mozilla Firefox ESR 102.5
- Mozilla Firefox 107
Remediation
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.