What is the severity of CVE-2022-45406?

The severity of CVE-2022-45406 is high with a severity value of 7.

Which software products are affected by CVE-2022-45406?

The software products affected by CVE-2022-45406 are Mozilla Thunderbird (up to version 102.5), Mozilla Firefox ESR (up to version 102.5), and Mozilla Firefox (up to version 107).

How can CVE-2022-45406 be exploited?

CVE-2022-45406 can be exploited through a use-after-free vulnerability caused by a deleted JavaScript realm in a BaseShape object.

What is the remedy for CVE-2022-45406?

The recommended remedy for CVE-2022-45406 is to update Mozilla Thunderbird to version 102.5, Mozilla Firefox ESR to version 102.5, and Mozilla Firefox to version 107.

Are there any references for CVE-2022-45406?

Yes, you can find references for CVE-2022-45406 at the following links: [Mozilla Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1791975), [Mozilla Security Advisory MFSAs](https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/), and [Mozilla Security Advisory MFSAs](https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/).

Vulnerability/
CVE-2022-45406

critical

9.8

CWE

416

15/11/2022

22/12/2022

3/8/2024

CVE-2022-45406: Use After Free

First published: Tue Nov 15 2022(Updated: )

If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash.

Credit: security@mozilla.org

Affected Software	Affected Version	How to fix
Mozilla Thunderbird	<102.5	102.5
	<107	107
	<102.5	102.5
	<102.5	102.5
Mozilla Firefox	<107.0
Mozilla Firefox ESR	<102.5
Mozilla Thunderbird	<102.5

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2022-45406?
The severity of CVE-2022-45406 is high with a severity value of 7.
Which software products are affected by CVE-2022-45406?
The software products affected by CVE-2022-45406 are Mozilla Thunderbird (up to version 102.5), Mozilla Firefox ESR (up to version 102.5), and Mozilla Firefox (up to version 107).
How can CVE-2022-45406 be exploited?
CVE-2022-45406 can be exploited through a use-after-free vulnerability caused by a deleted JavaScript realm in a BaseShape object.
What is the remedy for CVE-2022-45406?
The recommended remedy for CVE-2022-45406 is to update Mozilla Thunderbird to version 102.5, Mozilla Firefox ESR to version 102.5, and Mozilla Firefox to version 107.
Are there any references for CVE-2022-45406?
Yes, you can find references for CVE-2022-45406 at the following links: [Mozilla Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1791975), [Mozilla Security Advisory MFSAs](https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/), and [Mozilla Security Advisory MFSAs](https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/).

collector/mozilla-advisory
agent/type
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
agent/severity
agent/references
agent/author
source/Mozilla
agent/software-canonical-lookup
agent/event
agent/description
agent/weakness
agent/software-canonical-lookup-request
agent/tags
collector/nvd-index
collector/mitre-cve
source/MITRE
vendor/mozilla
canonical/mozilla thunderbird
canonical/mozilla firefox esr
canonical/mozilla firefox