An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address. This vulnerability affects Firefox < 104.

Related CVEs

CVE-2022-38475

Key Information

GHSA ID

GHSA-vwhh-g8g6-6pf7

Published

December 22, 2022 9:30 PM

Last Modified

April 15, 2025 6:31 PM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 14, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.