Opened 2 years ago
Closed 2 years ago
#16563 closed enhancement (fixed)
firefox-91.9.1 and js-91.9.1
| Reported by: | Bruce Dubbs | Owned by: | |
|---|---|---|---|
| Priority: | high | Milestone: | 11.2 |
| Component: | BOOK | Version: | git |
| Severity: | critical | Keywords: | |
| Cc: |
Description
Change History (3)
comment:1 by , 2 years ago
| Owner: | changed from to |
|---|---|
| Priority: | normal → high |
| Severity: | normal → critical |
| Status: | new → assigned |
comment:2 by , 2 years ago
(removed comment about javascript and emails / rss - it was meant to be on the thunderbird ticket)
comment:3 by , 2 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed in f9579a89d3459d81bdf9357cfb96b02bdc8134f4 11.1-548
SA 11.1-043
Note:
See TracTickets
for help on using tickets.
An out of band release. https://www.mozilla.org/en-US/security/advisories/mfsa2022-19/
Two critical javascript vulnerabilities also fixed in 100.0.2 and thunderbird 91.9.1.
Mozilla Foundation Security Advisory 2022-19 Security Vulnerabilities fixed in Firefox 100.0.2, Firefox for Android 100.3.0, Firefox ESR 91.9.1, Thunderbird 91.9.1
Announced
Impact
Products
Fixed in
#CVE-2022-1802: Prototype pollution in Top-Level Await implementation
Reporter
Impact
Description
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. References
#CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution
Reporter
Impact
Description
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. References