CVE-2022-2200

Summary

If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 102affected
MozillaFirefox ESRunspecified < 91.11affected
MozillaThunderbirdunspecified < 102affected
MozillaThunderbirdunspecified < 91.11affected

Weaknesses

  • Undesired attributes could be set as part of prototype pollution

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References