gsd-2022-28285
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-28285",
"id": "GSD-2022-28285"
},
"gsd": {
"affected": [
{
"package": {
"ecosystem": "Mozilla",
"name": "Thunderbird"
},
"ranges": [
{
"events": [
{
"fixed": "91.8"
},
{
"introduced": "0"
}
],
"type": "SEMVER"
}
],
"version": []
},
{
"package": {
"ecosystem": "Mozilla",
"name": "Firefox"
},
"ranges": [
{
"events": [
{
"fixed": "99"
},
{
"introduced": "0"
}
],
"type": "SEMVER"
}
],
"version": []
},
{
"package": {
"ecosystem": "Mozilla",
"name": "Firefox ESR"
},
"ranges": [
{
"events": [
{
"fixed": "91.8"
},
{
"introduced": "0"
}
],
"type": "SEMVER"
}
],
"version": []
}
],
"alias": [
"CVE-2022-28285"
],
"database_specific": {
"GSD": {
"alias": "CVE-2022-28285",
"id": "GSD-2022-28285",
"references": [
"https://www.suse.com/security/cve/CVE-2022-28285.html",
"https://www.debian.org/security/2022/dsa-5113",
"https://www.debian.org/security/2022/dsa-5118",
"https://access.redhat.com/errata/RHSA-2022:1283",
"https://access.redhat.com/errata/RHSA-2022:1284",
"https://access.redhat.com/errata/RHSA-2022:1285",
"https://access.redhat.com/errata/RHSA-2022:1286",
"https://access.redhat.com/errata/RHSA-2022:1287",
"https://access.redhat.com/errata/RHSA-2022:1301",
"https://access.redhat.com/errata/RHSA-2022:1302",
"https://access.redhat.com/errata/RHSA-2022:1303",
"https://access.redhat.com/errata/RHSA-2022:1305",
"https://access.redhat.com/errata/RHSA-2022:1326",
"https://ubuntu.com/security/CVE-2022-28285",
"https://advisories.mageia.org/CVE-2022-28285.html",
"https://security.archlinux.org/CVE-2022-28285",
"https://linux.oracle.com/cve/CVE-2022-28285.html"
]
}
},
"details": "When generating the assembly code for \u003ccode\u003eMLoadTypedArrayElementHole\u003c/code\u003e, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird \u003c 91.8, Firefox \u003c 99, and Firefox ESR \u003c 91.8.",
"id": "GSD-2022-28285",
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"modified": "2022-09-27T16:35:16.933489Z",
"osvSchema": {
"aliases": [
"CVE-2022-28285"
],
"details": "When generating the assembly code for \u003ccode\u003eMLoadTypedArrayElementHole\u003c/code\u003e, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird \u003c 91.8, Firefox \u003c 99, and Firefox ESR \u003c 91.8.",
"id": "GSD-2022-28285",
"modified": "2023-12-13T01:19:34.251371Z",
"schema_version": "1.4.0"
},
"references": [
{
"type": "ADVISORY",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-14/"
},
{
"type": "ADVISORY",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-15/"
},
{
"type": "ADVISORY",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-13/"
},
{
"type": "ADVISORY",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1756957"
},
{
"type": "ADVISORY",
"url": "https://www.suse.com/security/cve/CVE-2022-28285.html"
},
{
"type": "ADVISORY",
"url": "https://www.debian.org/security/2022/dsa-5113"
},
{
"type": "ADVISORY",
"url": "https://www.debian.org/security/2022/dsa-5118"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:1283"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:1284"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:1285"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:1286"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:1287"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:1301"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:1302"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:1303"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:1305"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:1326"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/CVE-2022-28285"
},
{
"type": "ADVISORY",
"url": "https://advisories.mageia.org/CVE-2022-28285.html"
},
{
"type": "ADVISORY",
"url": "https://security.archlinux.org/CVE-2022-28285"
},
{
"type": "ADVISORY",
"url": "https://linux.oracle.com/cve/CVE-2022-28285.html"
}
],
"schema_version": "1.3.0",
"summary": "When generating the assembly code for \u003ccode\u003eMLoadTypedArrayElementHole\u003c/code\u003e, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird \u003c 91.8, Firefox \u003c 99, and Firefox ESR \u003c 91.8."
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2022-28285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "91.8"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "99"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "91.8"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When generating the assembly code for \u003ccode\u003eMLoadTypedArrayElementHole\u003c/code\u003e, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird \u003c 91.8, Firefox \u003c 99, and Firefox ESR \u003c 91.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect AliasSet used in JIT Codegen"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2022-13/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-13/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2022-14/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-14/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2022-15/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-15/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1756957",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1756957"
}
]
}
},
"mozilla.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2022-28285"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "91.8"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "99"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "91.8"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When generating the assembly code for \u003ccode\u003eMLoadTypedArrayElementHole\u003c/code\u003e, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird \u003c 91.8, Firefox \u003c 99, and Firefox ESR \u003c 91.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect AliasSet used in JIT Codegen"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-14/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-15/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-13/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1756957"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "91.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "91.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "99.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2022-28285"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "When generating the assembly code for \u003ccode\u003eMLoadTypedArrayElementHole\u003c/code\u003e, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird \u003c 91.8, Firefox \u003c 99, and Firefox ESR \u003c 91.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2022-13/",
"refsource": "MISC",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-13/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2022-15/",
"refsource": "MISC",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-15/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1756957",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1756957"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2022-14/",
"refsource": "MISC",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-14/"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-12-30T20:46Z",
"publishedDate": "2022-12-22T20:15Z"
}
}
}
Loading...