CVE-2022-1802

Summary

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 91.9.1affected
MozillaFirefoxunspecified < 100.0.2affected
MozillaFirefox for Androidunspecified < 100.3.0affected
MozillaThunderbirdunspecified < 91.9.1affected

Weaknesses

  • Prototype pollution in Top-Level Await implementation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References