May 20th, 2022 06:00

Updates 5/20/2022 - Firefox

https://www.mozilla.org/en-US/security/advisories/mfsa2022-19/

 

Security Vulnerabilities fixed in Firefox 100.0.2, Firefox for Android 100.3.0, Firefox ESR 91.9.1

Announced: May 20, 2022
Impact: critical
Products: Firefox, Firefox ESR, Firefox for Android
Fixed in:
  • Firefox 100.0.2
  • Firefox ESR 91.9.1
  • Firefox for Android 100.3

CVE-2022-1802: Prototype pollution in Top-Level Await implementation

Reporter: Manfred Paul via Trend Micro's Zero Day Initiative
Impact: critical
Description:

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context.

References

CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution

Reporter: Manfred Paul via Trend Micro's Zero Day Initiative
Impact: critical
Description:

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process.

References

===============================

Available via the internal updater:   Help / About Firefox
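
The double-indexing pattern described under CVE-2022-1529, shown as an added example that is not part of the original post, not from Mozilla's advisory, and not Firefox code: a generic JavaScript message handler beside a hardened form. The function names (`unsafeSet`, `safeSet`, `makeStore`) and the message fields (`group`, `key`, `value`) are assumptions made for illustration.

```javascript
// Added illustration; not Firefox source. Handler and field names are hypothetical.

// Vulnerable pattern: both index keys come straight from the message.
function unsafeSet(store, msg) {
  // store["__proto__"] resolves to Object.prototype, so the second
  // index writes a property onto every plain object in the realm.
  store[msg.group][msg.key] = msg.value;
}

// Hardened pattern: own-property lookups only, reserved names rejected.
const RESERVED = new Set(["__proto__", "prototype", "constructor"]);

function safeSet(store, msg) {
  const { group, key, value } = msg;
  if (typeof group !== "string" || typeof key !== "string") return false;
  if (RESERVED.has(group) || RESERVED.has(key)) return false;
  // An own-property check ignores anything inherited via the prototype chain.
  if (!Object.prototype.hasOwnProperty.call(store, group)) return false;
  store[group][key] = value;
  return true;
}

// Null-prototype containers have no inherited keys to reach at all.
function makeStore(groups) {
  const store = Object.create(null);
  for (const g of groups) store[g] = Object.create(null);
  return store;
}

// Constructed message, standing in for untrusted cross-process input.
const SAMPLE_MSG = { group: "__proto__", key: "isAdmin", value: true };

function demo() {
  const weak = { prefs: {} };
  unsafeSet(weak, SAMPLE_MSG);
  const polluted = ({}).isAdmin === true; // an unrelated object is now affected
  delete Object.prototype.isAdmin;        // undo the pollution before continuing

  const strong = makeStore(["prefs"]);
  const accepted = safeSet(strong, SAMPLE_MSG);
  const okWrite = safeSet(strong, { group: "prefs", key: "theme", value: "dark" });
  const clean = ({}).isAdmin === undefined;
  return { polluted, accepted, clean, okWrite, theme: strong.prefs.theme };
}
```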
