CVE-2022-46871
CVE-2022-46871
In short
Firefox used an outdated library (libusrsctp) that contained security flaws which could be exploited by attackers. This could allow an attacker to compromise your browser or system.
Technical detail
Firefox versions prior to 108 included a vulnerable version of libusrsctp library with exploitable vulnerabilities (CWE-1104). Attack vector likely involves remote content interaction; successful exploitation could lead to code execution or information disclosure depending on the underlying libusrsctp vulnerability.
Summary generated and translated by AI from the official description.
An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Mozilla · FirefoxWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://bugzilla.mozilla.org/show_bug.cgi?id=1795697https://lists.debian.org/debian-lts-announce/2023/01/msg00015.htmlhttps://lists.debian.org/debian-lts-announce/2023/02/msg00018.htmlhttps://security.gentoo.org/glsa/202305-06https://security.gentoo.org/glsa/202305-13https://www.debian.org/security/2023/dsa-5322https://www.debian.org/security/2023/dsa-5355https://www.mozilla.org/security/advisories/mfsa2022-51/