6.5
CVE-2022-40957
- EPSS 1.08%
- Veröffentlicht 22.12.2022 20:15:38
- Zuletzt bearbeitet 15.04.2025 17:15:37
- Quelle security@mozilla.org
- CVE-Watchlists
- Unerledigt
Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Firefox ESR Version < 102.3
Mozilla ≫ Thunderbird Version < 102.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.08% | 0.608 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
CWE-240 Improper Handling of Inconsistent Structural Elements
The product does not handle or incorrectly handles when two or more structural elements should be consistent, but are not.
https://www.mozilla.org/security/advisories/mfsa2022-42/
https://www.mozilla.org/security/advisories/mfsa2022-40/
https://www.mozilla.org/security/advisories/mfsa2022-41/
https://bugzilla.mozilla.org/show_bug.cgi?id=1777604