Bug 1214679 (CVE-2022-46884)

Summary: VUL-0: CVE-2022-46884: MozillaFirefox: A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have led to memory corruption or a potentially exploitable crash.
Product: [Novell Products] SUSE Security Incidents
Reporter: Alexander Bergmann <abergmann>
Component: Incidents
Assignee: Mozilla Bugs <mozilla-bugs>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P5 - None
CC: abergmann, security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/376242/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Alexander Bergmann 2023-08-28 09:46:38 UTC
CVE-2022-46884

A potential use-after-free vulnerability existed in SVG Images if the Refresh
Driver was destroyed at an inopportune time. This could have led to memory
corruption or a potentially exploitable crash.
*Note*: This advisory was added on December 13th, 2022 after discovering it was
inadvertently left out of the original advisory. The fix was included in the
original release of Firefox 106. This vulnerability affects Firefox < 106.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46884
https://www.cve.org/CVERecord?id=CVE-2022-46884
https://www.mozilla.org/security/advisories/mfsa2022-44/
https://bugzilla.mozilla.org/show_bug.cgi?id=1786818

Comment 1 Alexander Bergmann 2023-08-28 09:48:02 UTC
This issue was opened for reference purposes.

The issue did not affect the Firefox ESR version.