CVE-2022-45407

Summary

If an attacker loaded a font using <code>FontFace()</code> on a background worker, a use-after-free could have occurred, leading to a potentially exploitable crash. This vulnerability affects Firefox < 107.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 107affected

Weaknesses

  • Loading fonts on workers was not thread-safe

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References