CVE-2022-31745Improper Validation of Array Index in Mozilla Firefox

CWE-129Improper Validation of Array Index6 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 54.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxDebian Firefox
Timeline
PublishedDec 22

Description

If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox < 101.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

debiandebian/firefox< firefox 101.0-1 (sid)
CVEListV5mozilla/firefoxunspecified101
NVDmozilla/firefox< 101.0
Ubuntumozilla/firefox< 101.0.1+build1-0ubuntu0.18.04.1+1
mozillamozilla/firefox

🔴Vulnerability Details

2
GHSA
GHSA-5hg4-mc2h-m4mm: If array shift operations are not used, the Garbage Collector may have become confused about valid objects2022-12-22
OSV
CVE-2022-31745: If array shift operations are not used, the Garbage Collector may have become confused about valid objects2022-06-01

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2022-06-13
Debian
CVE-2022-31745: firefox - If array shift operations are not used, the Garbage Collector may have become co...2022
Mozilla
Mozilla Foundation Security Advisory 2022-20: CVE-2022-31745