How severe is CVE-2022-46881?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2022-46881?

This is classified as CWE-787, which is a common weakness in software security.

CVE-2022-46881 - HIGH Severity | CVSS 8.8

Vulnerability Description

An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Thunderbird < 102.6.

Related Vulnerabilities

CVE-2009-1532

HIGH

CVSS:8.8(High)

Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remo...

CWE-7872009

CVE-2009-3953

HIGH

CVSS:8.8(High)

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data...

CWE-7872009

CVE-2010-0127

HIGH

CVSS:8.8(High)

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave fil...

CWE-7872010

CVE-2010-0986

HIGH

CVSS:8.8(High)

Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via ...

CWE-7872010

CVE-2010-0987

HIGH

CVSS:8.8(High)

Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.

CWE-7872010

CVE-2010-1280

HIGH

CVSS:8.8(High)

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an er...

CWE-7872010