CVE-2022-38475
MEDIUM WAF: Low
CVSS 6.5
Published: 2022-12-22
CWE-863 CWE-863
An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address. This vulnerability affects Firefox < 104.
WAF Coverage Analysis
Incorrect Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Incorrect Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | up to 104.0 |
References
- bugzilla.mozilla.org (Issue Tracking, Permissions Required, Vendor Advisory)
- www.mozilla.org (Vendor Advisory)