{"id":"CVE-2022-28285","details":"When generating the assembly code for \u003ccode\u003eMLoadTypedArrayElementHole\u003c/code\u003e, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird \u003c 91.8, Firefox \u003c 99, and Firefox ESR \u003c 91.8.","modified":"2026-03-15T22:45:00.944082Z","published":"2022-12-22T20:15:24.303Z","related":["ALSA-2022:1287","ALSA-2022:1301","MGASA-2022-0156","MGASA-2022-0157","SUSE-RU-2022:1114-1","SUSE-RU-2022:1125-1","SUSE-RU-2022:14935-1","SUSE-SU-2022:1127-1","SUSE-SU-2022:1176-1","openSUSE-SU-2022:1127-1","openSUSE-SU-2024:11975-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1756957"},{"type":"EVIDENCE","url":"https://www.mozilla.org/security/advisories/mfsa2022-13/"},{"type":"EVIDENCE","url":"https://www.mozilla.org/security/advisories/mfsa2022-14/"},{"type":"EVIDENCE","url":"https://www.mozilla.org/security/advisories/mfsa2022-15/"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-28285.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"99.0"}]},{"events":[{"introduced":"0"},{"fixed":"91.8"}]},{"events":[{"introduced":"0"},{"fixed":"91.8"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}