Bug 1214679 (CVE-2022-46884) - VUL-0: CVE-2022-46884: MozillaFirefox: A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have lead to memory corruption or a potentially exploitable crash.
Summary: VUL-0: CVE-2022-46884: MozillaFirefox: A potential use-after-free vulnerabili...
Status: RESOLVED INVALID
Alias: CVE-2022-46884
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Mozilla Bugs
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/376242/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-08-28 09:46 UTC by Alexander Bergmann
Modified: 2023-08-28 09:48 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2023-08-28 09:46:38 UTC 
CVE-2022-46884

A potential use-after-free vulnerability existed in SVG Images if the Refresh
Driver was destroyed at an inopportune time.  This could have lead to memory
corruption or a potentially exploitable crash.
*Note*: This advisory was added on December 13th, 2022 after discovering it was
inadvertently left out of the original advisory. The fix was included in the
original release of Firefox 106. This vulnerability affects Firefox < 106.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46884
https://www.cve.org/CVERecord?id=CVE-2022-46884
https://www.mozilla.org/security/advisories/mfsa2022-44/
https://bugzilla.mozilla.org/show_bug.cgi?id=1786818
Comment 1 Alexander Bergmann 2023-08-28 09:48:02 UTC 
This issue was opened for reference purpose.

The issue did not affect the Firefox ESR version.