Use-After-Free Vulnerability in SVG Text Reflow Leading to Potential Exploitable Crash in Firefox and Thunderbird

Use-After-Free Vulnerability in SVG Text Reflow Leading to Potential Exploitable Crash in Firefox and Thunderbird

CVE-2022-26381 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

Learn more about our Web Application Penetration Testing UK.