Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2022-1529

Published: 22/12/2022 Updated: 29/12/2022
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Mozilla

Vulnerability Summary

It exists that the methods of an Array object could be corrupted as a result of prototype pollution by sending a message to the parent process. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could exploit this to execute JavaScript in a privileged context. (CVE-2022-1529, CVE-2022-1802)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla thunderbird

mozilla firefox esr

mozilla firefox

Vendor Advisories

Ubuntu Security Notice: USN-5435-1: Thunderbird vulnerabilities
Several security issues were fixed in Thunderbird ...
Debian Security Advisories: DSA-5143-1 firefox-esr -- security update
Manfred Paul discovered two security issues in the Mozilla Firefox web browser, which could result in the execution of arbitrary code For the oldstable distribution (buster), these problems have been fixed in version 9191esr-1~deb10u1 For the stable distribution (bullseye), these problems have been fixed in version 9191esr-1~deb11u1 We recom ...
Debian Security Advisories: DSA-5158-1 thunderbird -- security update
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code For the oldstable distribution (buster), these problems have been fixed in version 1:91100-1~deb10u1 For the stable distribution (bullseye), these problems have been fixed in version 1:91100-1~deb11u1 We recomme ...
Amazon Linux 2: ALAS2-2022-1804
The Mozilla Foundation Security Advisory describes this flaw as:An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process (CVE-2022-1529) he Mozilla Foundat ...
Red Hat: Critical: firefox security update
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a se ...
Red Hat: Critical: firefox security update
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a se ...
Red Hat: Critical: thunderbird security update
Synopsis Critical: thunderbird security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Product S ...
Red Hat: Critical: thunderbird security update
Synopsis Critical: thunderbird security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as hav ...
Red Hat: Critical: thunderbird security update
Synopsis Critical: thunderbird security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 82 Extended Update SupportRed Hat Product Security ha ...
Red Hat: Critical: firefox security update
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 82 Extended Update SupportRed Hat Product Security has rated ...
Red Hat: Critical: thunderbird security update
Synopsis Critical: thunderbird security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as hav ...
Red Hat: Critical: firefox security update
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Security has rated ...
Red Hat: Critical: thunderbird security update
Synopsis Critical: thunderbird security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as hav ...
Mozilla: Security Vulnerabilities fixed in Firefox 100.0.2, Firefox for Android 100.3.0, Firefox ESR 91.9.1
Mozilla Foundation Security Advisory 2022-19 Security Vulnerabilities fixed in Firefox 10002, Firefox for Android 10030, Firefox ESR 9191 Announced May 20, 2022 Impact critical Products Firefox, Firefox ESR, Firefox for Android Fixed in ...
Arch Linux Issues:
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process ...
Check Point Security Alerts: Mozilla Multiple Products Prototype Pollution (CVE-2022-1529)
Check Point Reference: CPAI-2022-1998 Date Published: 29 Jan 2024 Severity: High ...

Github Repositories

https://github.com/mistymntncop/CVE-2022-1802

CVE-2022-1802 + CVE-2022-1529 + CVE-2022-2200 Tested against Firefox 10001 (Windows) ftpmozillaorg/pub/firefox/releases/10001/win64/en-US/Firefox%20Setup%2010001exe

Recent Articles

IT threat evolution in Q2 2022. Non-mobile statistics
Securelist • AMR • 15 Aug 2022

IT threat evolution in Q2 2022 IT threat evolution in Q2 2022. Non-mobile statistics IT threat evolution in Q2 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q2 2022: Kaspersky solutions blocked 1,164,544,060 attacks from online resources across the globe. Web Anti-Virus recognized 273,033,368 unique URLs as ma...

Read more...

References

CWE-1321https://bugzilla.mozilla.org/show_bug.cgi?id=1770048https://www.mozilla.org/security/advisories/mfsa2022-19/https://ubuntu.com/security/notices/USN-5435-1https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook