CVE-2022-45407

HIGH7.5

If an attacker loaded a font using <code>FontFace()</code> on a background worker, a use-after-free could have occurred, leading to a potentially exploitable crash

Published Dec 22, 2022

Modified 11 months ago

Fix available

Details

If an attacker loaded a font using <code>FontFace()</code> on a background worker, a use-after-free could have occurred, leading to a potentially exploitable crash. This vulnerability affects Firefox < 107.

Affected Packages

Firefox

Ubuntu 14.04 LTSUbuntu 16.04 LTSUbuntu 18.04 LTSUbuntu 20.04 LTSUbuntu 22.04 LTS

Fixed in:

107

Mozilla Firefox

Windows 10 (1507)Windows 10 (1607) / Server 2016Windows 10 (1809) / Server 2019Windows 10 (1903)Windows 10 (1909)

Fixed in:

107

References

WEB

https://bugzilla.mozilla.org/show_bug.cgi?id=1793314