How severe is CVE-2022-31737?

CVE-2022-31737 has a severity rating of 7, which is considered high.

Which software products are affected by CVE-2022-31737?

Mozilla Firefox (up to exclusive version 101), Firefox ESR (up to exclusive version 91.10), and Thunderbird (up to exclusive version 91.10) are affected by CVE-2022-31737.

How can a malicious webpage exploit CVE-2022-31737?

A malicious webpage can exploit CVE-2022-31737 by causing an out-of-bounds write in WebGL, leading to memory corruption and potentially exploitable crashes.

Where can I find more information about CVE-2022-31737?

You can find more information about CVE-2022-31737 on Mozilla's official security advisories: [mfsa2022-20](https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/) and [mfsa2022-22](https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/), as well as on [Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1743767).

Vulnerability/
CVE-2022-31737

critical

9.8

CWE

787 119

31/5/2022

22/12/2022

3/8/2024

CVE-2022-31737: Buffer Overflow

Q: What is CVE-2022-31737?

CVE-2022-31737 is a vulnerability that allows a malicious webpage to cause an out-of-bounds write in WebGL, leading to memory corruption and potentially exploitable crashes in Mozilla Firefox, Firefox ESR, and Thunderbird.

First published: Tue May 31 2022(Updated: )

A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash.

Credit: security@mozilla.org

Affected Software	Affected Version	How to fix
Mozilla Firefox	<101	101
	<101	101
	<91.10	91.10
	<91.10	91.10
Mozilla Firefox	<101
Mozilla Firefox ESR	<91.10
Mozilla Thunderbird	<91.10

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2022-31737?
CVE-2022-31737 is a vulnerability that allows a malicious webpage to cause an out-of-bounds write in WebGL, leading to memory corruption and potentially exploitable crashes in Mozilla Firefox, Firefox ESR, and Thunderbird.
How severe is CVE-2022-31737?
CVE-2022-31737 has a severity rating of 7, which is considered high.
Which software products are affected by CVE-2022-31737?
Mozilla Firefox (up to exclusive version 101), Firefox ESR (up to exclusive version 91.10), and Thunderbird (up to exclusive version 91.10) are affected by CVE-2022-31737.
How can a malicious webpage exploit CVE-2022-31737?
A malicious webpage can exploit CVE-2022-31737 by causing an out-of-bounds write in WebGL, leading to memory corruption and potentially exploitable crashes.
Where can I find more information about CVE-2022-31737?
You can find more information about CVE-2022-31737 on Mozilla's official security advisories: [mfsa2022-20](https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/) and [mfsa2022-22](https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/), as well as on [Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1743767).

agent/last-modified-date
agent/first-publish-date
agent/type
agent/softwarecombine
agent/severity
agent/references
agent/weakness
agent/author
collector/mozilla-advisory
source/Mozilla
agent/software-canonical-lookup
agent/event
agent/description
agent/software-canonical-lookup-request
agent/tags
collector/nvd-index
collector/mitre-cve
source/MITRE
vendor/mozilla
canonical/mozilla firefox esr
canonical/mozilla thunderbird
canonical/mozilla firefox