CVE-2022-1529
CVSS v3.1
8.8 (High)
EPSS
0.21 % (59th)
Affected Products
4
Advisories
31
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
Weaknesses
- CWE-1321
- Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2022-12-22 20:15:13
(21 months ago) - Updated Date
-
2022-12-29 16:41:34
(20 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
AND |
|
---|
Configuration #2
AND |
|
---|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...