1. Home
  2. Vulnerabilities
  3. CVE-2022-1802

CVE-2022-1802

CVSS v3.1 8.8 (High)
88% Progress
EPSS 0.25 % (65th)
0.25% Progress
Affected Products 4
Advisories 31
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.

Weaknesses
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2022-12-22 20:15:13
(21 months ago)
Updated Date
2022-12-29 16:39:05
(20 months ago)

Affected Products

Google

Mozilla

Configuration #1

AND
    CPE23 From Up To
OR  
  Mozilla Firefox prior 100.0.2 version cpe:2.3:a:mozilla:firefox < 100.0.2
OR  
  Running on/with
  Mozilla Firefox Esr prior 91.9.1 version cpe:2.3:a:mozilla:firefox_esr < 91.9.1
OR  
  Running on/with
  Mozilla Thunderbird prior 91.9.1 version cpe:2.3:a:mozilla:thunderbird < 91.9.1

Configuration #2

AND
    CPE23 From Up To
OR  
  Mozilla Firefox prior 100.3.0 version cpe:2.3:a:mozilla:firefox < 100.3.0
OR  
  Running on/with
  Google Android cpe:2.3:o:google:android:-