Описание
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 100.0.2+build1-0ubuntu0.18.04.1 |
| devel | not-affected | code not present |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | released | 100.0.2+build1-0ubuntu0.20.04.1 |
| impish | released | 100.0.2+build1-0ubuntu0.21.10.1 |
| jammy | not-affected | code not present |
| kinetic | not-affected | code not present |
| lunar | not-affected | code not present |
| trusty | ignored | end of standard support |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:91.9.1+build1-0ubuntu0.18.04.1 |
| devel | not-affected | 1:102.3.3+build1-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | released | 1:91.9.1+build1-0ubuntu0.20.04.1 |
| impish | released | 1:91.9.1+build1-0ubuntu0.21.10.1 |
| jammy | released | 1:91.9.1+build1-0ubuntu0.22.04.1 |
| kinetic | ignored | end of life, was needed |
| lunar | not-affected | 1:102.3.3+build1-0ubuntu1 |
| trusty | ignored | end of standard support |
Показывать по
EPSS
8.8 High
CVSS3
Связанные уязвимости
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
If an attacker was able to corrupt the methods of an Array object in J ...
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
Уязвимость метода Array браузеров Mozilla Firefox и Mozilla Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный JavaScript-код в привилегированном контексте
EPSS
8.8 High
CVSS3