CVE-2022-38475

{"id": "CVE-2022-38475", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-12-22T20:15:36.987", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1773266", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-33/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address. This vulnerability affects Firefox < 104."}, {"lang": "es", "value": "Un atacante podr\u00eda haber escrito un valor en el primer elemento de una matriz JavaScript de longitud cero. Aunque la matriz ten\u00eda longitud cero, el valor no se escribi\u00f3 en una direcci\u00f3n de memoria no v\u00e1lida. Esta vulnerabilidad afecta a Firefox &lt; 104."}], "lastModified": "2023-01-03T20:57:02.993", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70DE2928-97D5-4674-9A65-11445420644E", "versionEndExcluding": "104.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}