Описание
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 100.0.2+build1-0ubuntu0.18.04.1 |
| devel | not-affected | code not present |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | released | 100.0.2+build1-0ubuntu0.20.04.1 |
| impish | released | 100.0.2+build1-0ubuntu0.21.10.1 |
| jammy | not-affected | code not present |
| kinetic | not-affected | code not present |
| lunar | not-affected | code not present |
| trusty | ignored | end of standard support |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:91.9.1+build1-0ubuntu0.18.04.1 |
| devel | not-affected | 1:102.3.3+build1-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | released | 1:91.9.1+build1-0ubuntu0.20.04.1 |
| impish | released | 1:91.9.1+build1-0ubuntu0.21.10.1 |
| jammy | released | 1:91.9.1+build1-0ubuntu0.22.04.1 |
| kinetic | ignored | end of life, was needed |
| lunar | not-affected | 1:102.3.3+build1-0ubuntu1 |
| trusty | ignored | end of standard support |
Показывать по
EPSS
8.8 High
CVSS3
Связанные уязвимости
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
An attacker could have sent a message to the parent process where the ...
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
Уязвимость механизма индексирования JavaScript-объектов браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный JavaScript-код
EPSS
8.8 High
CVSS3