How severe is CVE-2022-46883?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2022-46883?

This is classified as CWE-787, which is a common weakness in software security.

CVE-2022-46883 - HIGH Severity | CVSS 8.8

Vulnerability Description

Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.<br />*Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 107. This vulnerability affects Firefox < 107.

Related Vulnerabilities

CVE-2009-1532

HIGH

CVSS:8.8(High)

Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remo...

CWE-7872009

CVE-2009-3953

HIGH

CVSS:8.8(High)

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data...

CWE-7872009

CVE-2010-0127

HIGH

CVSS:8.8(High)

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave fil...

CWE-7872010

CVE-2010-0986

HIGH

CVSS:8.8(High)

Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via ...

CWE-7872010

CVE-2010-0987

HIGH

CVSS:8.8(High)

Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.

CWE-7872010

CVE-2010-1280

HIGH

CVSS:8.8(High)

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an er...

CWE-7872010