CVE-2022-4291 HIGH

CVE-2022-4291: Aswjsflt.dll in Avast Antivirus windows caused a crash of the Mozilla Firefox browser due to heap corruption

Vendor Nortonlifelock
Product Avast Antivirus
Weakness CWE-119
Published December 7, 2022
Last update April 14, 2025

CVSS base score

7.7/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

What the vulnerability does

01Description

The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component.

Key dates

02Disclosure timeline

December 7, 2022 CVE published
April 14, 2025 Record updated