CVE-2022-1529

Summary

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 91.9.1affected
MozillaFirefoxunspecified < 100.0.2affected
MozillaFirefox for Androidunspecified < 100.3.0affected
MozillaThunderbirdunspecified < 91.9.1affected

Weaknesses

  • Untrusted input used in JavaScript object indexing, leading to prototype pollution

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References