Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-28285

When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.

Related bugs and status

CVE-2022-28285 (Candidate) is related to these bugs:

Bug #1970502: New release 91.8

Summary				In	Importance	Status
	1970502	New release 91.8		thunderbird (Ubuntu)	High	Fix Released

Bug #1976260: mozjs91 ftbfs in the jammy release pocket

Summary				In	Importance	Status
	1976260	mozjs91 ftbfs in the jammy release pocket		mozjs91 (Ubuntu)	High	Fix Released
	1976260	mozjs91 ftbfs in the jammy release pocket		mozjs91 (Ubuntu Jammy)	High	Fix Released

Bug #1978961: Update mozjs91 to 91.10

Summary				In	Importance	Status
	1978961	Update mozjs91 to 91.10		mozjs91 (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.mozil...
MISC: https://www.mozilla.or...
MISC: https://www.mozilla.or...
MISC: https://www.mozilla.or...