Описание
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
The Mozilla Foundation Security Advisory describes this flaw as: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | firefox | Out of support scope | ||
| Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2022:4729 | 24.05.2022 |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2022:4730 | 24.05.2022 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2022:4769 | 27.05.2022 |
| Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2022:4776 | 27.05.2022 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | firefox | Fixed | RHSA-2022:4767 | 27.05.2022 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | thunderbird | Fixed | RHSA-2022:4770 | 27.05.2022 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | firefox | Fixed | RHSA-2022:4768 | 27.05.2022 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | thunderbird | Fixed | RHSA-2022:4773 | 26.05.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.8 High
CVSS3
Связанные уязвимости
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
If an attacker was able to corrupt the methods of an Array object in J ...
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
Уязвимость метода Array браузеров Mozilla Firefox и Mozilla Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный JavaScript-код в привилегированном контексте
EPSS
8.8 High
CVSS3