Issued: Monday, 19 December, 2022 |
Last Revision: Monday, 19 December, 2022 |
Vendor: |
Product: |
Severity Level: |
Summary:
Mozilla has released critical security updates for Firefox, Firefox ESR, and Thunderbird, addressing multiple vulnerabilities. Most severe of discovered vulnerabilities could lead to memory corruption and arbitrary code execution on successful exploitation.
CVE/Vulnerability | Affected Products | Description | Severity | Exploitable |
CVE-2022-46872 | Thunderbird 102.6
Firefox ESR 102.6
Firefox 108
| Arbitrary file read from a compromised content process | High | No |
CVE-2022-46881 | Memory corruption in WebGL | High | No | |
CVE-2022-46880 | Use-after-free in WebGL | High | No | |
CVE-2022-46881 | Memory corruption in WebGL | High | No | |
CVE-2022-46871 | libusrsctp library out of date | High | No |
Recommendation:
Organizations are encouraged to necessary updates affected versions to latest as soon as possible.
References: