CVE-2022-28285 — Out-of-bounds Read in Mozilla Firefox

CWE-125 — Out-of-bounds Read15 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 51.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedDec 22

Description

When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages9 packages

▶CVEListV5mozilla/firefoxunspecified — 99

▶NVDmozilla/firefox< 99.0

▶CVEListV5mozilla/firefox_esrunspecified — 91.8

▶NVDmozilla/firefox_esr< 91.8

▶Ubuntumozilla/firefox< 99.0+build2-0ubuntu0.18.04.2+1

🔴Vulnerability Details

GHSA

GHSA-fmhg-h49x-72gp: When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used↗2022-12-22

▶

OSV

CVE-2022-28285: When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used↗2022-12-22

▶

CVEList

CVE-2022-28285: When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used↗2022-12-22

▶

OSV

mozjs91 vulnerabilities↗2022-06-27

▶

OSV

thunderbird vulnerabilities↗2022-04-27

▶

📋Vendor Advisories

Ubuntu

SpiderMonkey JavaScript Library vulnerabilities↗2022-06-27

▶

Ubuntu

Thunderbird vulnerabilities↗2022-04-27

▶

Ubuntu

Firefox vulnerabilities↗2022-04-07

▶

Red Hat

Mozilla: Incorrect AliasSet used in JIT Codegen↗2022-04-05

▶

Debian

CVE-2022-28285: firefox - When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, a...↗2022

▶