Issued: Sunday, 22 May, 2022 |
Last Revision: Sunday, 22 May, 2022 |
Vendor: |
Product: |
Severity Level: |
Mozilla has released security updates for Firefox, Firefox ESR, and Thunderbird that address critical vulnerabilities. The most severe of the discovered vulnerabilities could allow remote code execution on successful exploitation.
A remote attacker can persuade a victim to visit a specially constructed website, corrupt the methods of an Array object in JavaScript via prototype pollution, and run arbitrary JavaScript code in a privileged context, potentially allowing an attacker to compromise the system.
CVE/Vulnerability | Description | CVSS3.0 Score |
CVE-2022-1802 | Prototype pollution in Top-Level Await implementation | 7.7 |
CVE-2022-1529 | Input validation error | 7.7 |
Table 1: Vulnerability details
CVE/Vulnerability | Affected Product(s) | Fixed Version(s) |
CVE-2022-1802, CVE-2022-1529 | Prior to Firefox 100.0.2, Firefox ESR 91.9.1, Firefox for Android 100.3, and Thunderbird 91.9.1 | Firefox 100.0.2, Firefox ESR 91.9.1, Firefox for Android 100.3, Thunderbird 91.9.1 |
Table 2: Vulnerable versions
Apply Mozilla's recommended upgrades to vulnerable systems as soon as possible following thorough testing.
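A version check built on Table 2, added here as an example and not taken from Mozilla or from this advisory's publisher: it flags inventory entries older than the fixed versions and marks anything it cannot parse for manual review. The `host,product,version` inventory format, the host names and the function names are assumptions made for the example.

```python
import re

# Fixed versions from Table 2 of this advisory, keyed by lower-cased product name.
FIXED = {
    "firefox": (100, 0, 2),
    "firefox esr": (91, 9, 1),
    "firefox for android": (100, 3, 0),
    "thunderbird": (91, 9, 1),
}

def parse_version(text):
    """Turn '91.9.0esr' or '100.0' into a 3-part tuple; None for anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:esr)?", text.strip().lower())
    if not m:
        return None
    return tuple(int(p or 0) for p in m.groups())  # missing patch level counts as 0

def status(product, version):
    """Return 'vulnerable', 'fixed' or 'review' for one installed product."""
    fixed = FIXED.get(product.strip().lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return "review"  # unknown product or pre-release/odd version: check by hand
    return "vulnerable" if parsed < fixed else "fixed"

def audit(inventory_csv):
    """Yield (host, product, version, status) for each 'host,product,version' line."""
    for line in inventory_csv.strip().splitlines():
        host, product, version = (f.strip() for f in line.split(","))
        yield host, product, version, status(product, version)

# Constructed sample inventory (hosts and versions are made up for the example).
SAMPLE = """
ws-01,Firefox,100.0.1
ws-02,Firefox,100.0.2
ws-03,Firefox ESR,91.9.0esr
ws-04,Firefox ESR,91.9.1esr
mail-01,Thunderbird,91.9
mob-01,Firefox for Android,100.3.0
ws-05,Firefox,101.0b3
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("{:8} {:20} {:10} {}".format(*row))
```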
