UBUNTU-CVE-2022-46871

HIGH8.8

An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.

Published Dec 14, 2022

Modified 5 months ago

Fix available

Details

An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.

Affected Packages(12 packages)

firefox

Ubuntu 18.04 LTS

Fixed in:

108.0+build2-0ubuntu0.18.04.1

mozjs38

Ubuntu 18.04 LTS

Affected versions:

38.8.0~repack1-0ubuntu138.8.0~repack1-0ubuntu338.8.0~repack1-0ubuntu4

mozjs52

Ubuntu 18.04 LTS

Affected versions:

52.3.1-0ubuntu352.3.1-7fakesync152.8.1-0ubuntu0.18.04.152.9.1-0ubuntu0.18.04.1

thunderbird

Ubuntu 18.04 LTS

Fixed in:

1:102.7.1+build2-0ubuntu0.18.04.1

firefox

Ubuntu 20.04 LTS

Fixed in:

108.0+build2-0ubuntu0.20.04.1

libusrsctp

Ubuntu 20.04 LTS

Affected versions:

0.9.3.0+20190127-20.9.3.0+20190901-1

mozjs52

Ubuntu 20.04 LTS

Affected versions:

52.9.1-1build152.9.1-1ubuntu3

mozjs68

Ubuntu 20.04 LTS

Affected versions:

68.5.0-1~fakesync68.5.0-2~fakesync68.6.0-168.6.0-1ubuntu1

thunderbird

Ubuntu 20.04 LTS

Fixed in:

1:102.7.1+build2-0ubuntu0.20.04.1

mozjs78

Ubuntu 22.04 LTS

Affected versions:

78.13.0-178.15.0-278.15.0-4ubuntu1

References

REPORT

https://ubuntu.com/security/CVE-2022-46871

ADVISORY

https://ubuntu.com/security/notices/USN-5782-1

ADVISORY

https://ubuntu.com/security/notices/USN-5824-1

REPORT

https://www.cve.org/CVERecord?id=CVE-2022-46871

REPORT

https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46871

CVSS Analysis

CVSS v3.1

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Upstream

CVE-2022-46871

USN-5782-1 USN-5824-1

Ecosystems

Ubuntu 18.04 LTS Ubuntu 20.04 LTS Ubuntu 22.04 LTS

Timeline

PublishedDec 14, 2022

ModifiedOct 24, 2025

UBUNTU-CVE-2022-46871 | Mondoo Vulnerability Intelligence