If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.

Affected configurations

NVD

Node

mozillafirefoxRange<100.0.2

mozillafirefox_esrRange<91.9.1

mozillathunderbirdRange<91.9.1

Node

mozillafirefoxRange<100.3.0

AND

googleandroidMatch-

References

bugzilla.mozilla.org/show_bug.cgi?id=1770137

www.mozilla.org/security/advisories/mfsa2022-19/

cvelist 1

veracode 1

ubuntucve 1

cve 1

zdi 1

debiancve 1

alpinelinux 1

redhatcve 1

prion 1

githubexploit 1

nessus 46

oraclelinux 6

osv 10

redhat 12

openvas 22

kaspersky 3

suse 2

rocky 2

slackware 2

redos 2

debian 4

malwarebytes 1

thn 1

altlinux 2

almalinux 2

mozilla 1

mageia 1

amazon 1

ubuntu 2

securelist 1

ibm 2

gentoo 2

cvelist

CVE-2022-1802

2022-12-22 00:00:00

veracode

Prototype Pollution

2022-05-23 17:53:13

ubuntucve

CVE-2022-1802

2022-05-23 00:00:00

cve

CVE-2022-1802

2022-12-22 20:15:13

zdi

(Pwn2Own) Mozilla Firefox Top-Level Await Prototype Pollution Remote Code Execution Vulnerability

2022-05-27 00:00:00

debiancve

CVE-2022-1802

2022-12-22 20:15:13

alpinelinux

CVE-2022-1802

2022-12-22 20:15:13

redhatcve

CVE-2022-1802

2022-05-23 09:19:46

prion

Code injection

2022-12-22 20:15:00

githubexploit

Exploit for Prototype Pollution in Mozilla Firefox

2022-08-20 03:01:30

nessus

RHEL 8 : firefox (RHSA-2022:4776)

2022-05-27 00:00:00

RHEL 8 : thunderbird (RHSA-2022:4770)

2022-05-27 00:00:00

Oracle Linux 8 : thunderbird (ELSA-2022-4769)

2022-05-30 00:00:00

oraclelinux

firefox security update

2022-06-30 00:00:00

thunderbird security update

2022-05-24 00:00:00

thunderbird security update

2022-06-30 00:00:00

osv

firefox-esr - security update

2022-05-24 00:00:00

Critical: firefox security update

2022-05-27 18:28:08

Critical: thunderbird security update

2022-05-27 18:24:54

redhat

(RHSA-2022:4773) Critical: thunderbird security update

2022-05-26 21:55:20

(RHSA-2022:4767) Critical: firefox security update

2022-05-27 02:35:04

(RHSA-2022:4729) Critical: firefox security update

2022-05-24 14:47:00

openvas

SUSE: Security Advisory (SUSE-SU-2022:1830-1)

2022-05-25 00:00:00

Mageia: Security Advisory (MGASA-2022-0207)

2022-05-26 00:00:00

Mozilla Thunderbird Security Advisory (MFSA2022-19) - Mac OS X

2022-07-07 00:00:00

kaspersky

KLA12541 Multiple vulnerabilities in Mozilla Thunderbird

2022-05-20 00:00:00

KLA12542 Multiple vulnerabilities in Mozilla Firefox ESR

2022-05-20 00:00:00

KLA12543 Multiple vulnerabilities in Mozilla Firefox

2022-05-20 00:00:00

suse

Security update for MozillaFirefox (important)

2022-05-24 00:00:00

Security update for MozillaThunderbird (important)

2022-06-13 00:00:00

rocky

firefox security update

2022-05-27 18:28:08

thunderbird security update

2022-05-27 18:24:54

slackware

[slackware-security] mozilla-firefox

2022-05-21 01:42:04

[slackware-security] mozilla-thunderbird

2022-05-21 01:42:41

redos

ROS-20220530-04

2022-05-30 00:00:00

ROS-20220530-03

2022-05-30 00:00:00

debian

[SECURITY] [DLA 3021-1] firefox-esr security update

2022-05-24 08:06:39

[SECURITY] [DSA 5143-1] firefox-esr security update

2022-05-22 15:15:21

[SECURITY] [DSA 5158-1] thunderbird security update

2022-06-04 17:52:32

malwarebytes

Firefox, Thunderbird, receive patches for critical security issues

2022-05-27 11:06:49

thn

Tails OS Users Advised Not to Use Tor Browser Until Critical Firefox Bugs are Patched

2022-05-26 09:08:00

altlinux

Security fix for the ALT Linux 10 package thunderbird version 91.9.1-alt1

2022-05-27 00:00:00

Security fix for the ALT Linux 10 package firefox-esr version 91.9.1-alt1

2022-05-22 00:00:00

almalinux

Critical: thunderbird security update

2022-05-27 18:24:54

Critical: firefox security update

2022-05-27 18:28:08

mozilla

Security Vulnerabilities fixed in Firefox 100.0.2, Firefox for Android 100.3.0, Firefox ESR 91.9.1, Thunderbird 91.9.1 — Mozilla

2022-05-20 00:00:00

mageia

Updated firefox/thunderbird packages fix security vulnerability

2022-05-25 21:46:18

amazon

Critical: thunderbird

2022-05-31 23:50:00

ubuntu

Firefox vulnerabilities

2022-05-23 00:00:00

Thunderbird vulnerabilities

2022-05-25 00:00:00

securelist

IT threat evolution in Q2 2022. Non-mobile statistics

2022-08-15 12:00:43

ibm

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 102.2ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 - 2022.4.0

2022-11-15 05:24:36

Security Bulletin: Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud Pak for Multicloud Management Monitoring.

2023-01-31 14:47:39

gentoo

Mozilla Firefox: Multiple Vulnerabilities

2022-08-10 00:00:00

Mozilla Thunderbird: Multiple Vulnerabilities

2022-08-10 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

68.3%

JSON

Related for NVD:CVE-2022-1802

cvelist1 veracode1 ubuntucve1 cve1 zdi1 debiancve1 alpinelinux1 redhatcve1 prion1 githubexploit1 nessus46 oraclelinux6 osv10 redhat12 openvas22 kaspersky3 suse2 rocky2 slackware2 redos2 debian4 malwarebytes1 thn1 altlinux2 almalinux2 mozilla1 mageia1 amazon1 ubuntu2 securelist1 ibm2 gentoo2