CVE-2022-46884: 
NixOS vulnerability analysis and mitigation

CVE-2022-46884 is a use-after-free vulnerability discovered in Mozilla Firefox's SVG Images implementation. The vulnerability was identified when the Refresh Driver was destroyed at an inopportune time, potentially leading to memory corruption or exploitable crashes. The issue was fixed in Firefox 106, with the advisory being added on December 13th, 2022, after it was inadvertently left out of the original advisory (Mozilla Advisory, NVD).

The vulnerability is classified as a use-after-free (CWE-416) issue with a CVSS v3.1 base score of 8.8 (HIGH), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The technical root cause was identified in the SVG Images component where the Refresh Driver could be destroyed at an inappropriate time, leading to potential memory corruption. The vulnerability specifically affects Firefox versions prior to 106.0 (NVD).

The vulnerability could lead to memory corruption or a potentially exploitable crash, which could result in arbitrary code execution. Given the CVSS score and vector string, the vulnerability requires user interaction but could lead to high impacts on confidentiality, integrity, and availability if successfully exploited (Mozilla Advisory).

The vulnerability was fixed in Firefox version 106. Users are advised to upgrade to Firefox 106 or later to mitigate this security issue. The fix was actually included in the original release of Firefox 106, although the advisory was added later (Mozilla Advisory).