CVE-2022-26486
CVSS v3.1
9.6 (Critical)
EPSS
0.27 % (68th)
Affected Products
4
Advisories
26
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.
Weaknesses
- CWE-416
- Use After Free
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2022-12-22 20:15:22
(21 months ago) - Updated Date
-
2022-12-30 20:55:00
(20 months ago)
Mozilla Firefox Use-After-Free Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
- Description
- Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution.
- Required Action
- Apply updates per vendor instructions.
- Known to be Used in Ransomware Campaigns
- Unknown
- Notes
- https://nvd.nist.gov/vuln/detail/CVE-2022-26486
- Vendor
- Mozilla
- Product
- Firefox
- In CISA Catalog from
-
2022-03-07
(2 years ago) - Due Date
-
2022-03-21
(2 years ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...