The vulnerability of the Array method in Mozilla Firefox and Mozilla Firefox ESR browsers, as well as the Thunderbird email client, allows a malicious actor to execute arbitrary JavaScript code in a privileged context.

🗓️ 23 May 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Array method flaw in Mozilla Firefox, Firefox ESR, and Thunderbird enables privileged context JavaScript execution from code generation errors.

Reporter	Title	Published	Views	Family All 206
ALT Linux	Security fix for the ALT Linux 10 package thunderbird version 91.9.1-alt1	27 May 202200:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package firefox-esr version 91.9.1-alt1	22 May 202200:00	–	altlinux
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud Pak for Multicloud Management Monitoring.	31 Jan 202314:47	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 102.2ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 - 2022.4.0	15 Nov 202205:24	–	ibm
Tenable Nessus	Amazon Linux 2 : thunderbird (ALAS-2022-1804)	7 Jun 202200:00	–	nessus
Tenable Nessus	AlmaLinux 9 : firefox (ALSA-2022:4765)	16 Nov 202200:00	–	nessus
Tenable Nessus	AlmaLinux 9 : thunderbird (ALSA-2022:4772)	16 Nov 202200:00	–	nessus
Tenable Nessus	CentOS 7 : firefox (RHSA-2022:4729)	9 Oct 202400:00	–	nessus
Tenable Nessus	CentOS 7 : thunderbird (RHSA-2022:4730)	9 Oct 202400:00	–	nessus
Tenable Nessus	Debian DLA-3021-1 : firefox-esr - LTS security update	24 May 202200:00	–	nessus

Vulners

Node

mozilla firefoxRange<100.0.2

OR

mozilla firefox_esrRange<91.9.1

OR

mozilla firefoxRange<100.3

OR

mozilla thunderbirdRange<91.9.1

OR

red_hat red_hat_enterprise_linuxMatch7

OR

red_hat red_hat_enterprise_linuxMatch8

OR

novell suse_linux_enterprise_server_for_sap_applicationsMatch15

OR

novell suse_linux_enterprise_serverMatch15-ltss

OR

novell opensuse_leapMatch15.3

OR

canonical ubuntuMatch21.10

OR

novell opensuse_leapMatch15.4

OR

red_hat red_hat_enterprise_linuxMatch9

Source	Link
mozilla	www.mozilla.org/en-US/security/advisories/mfsa2022-19/
security-tracker	www.security-tracker.debian.org/tracker/CVE-2022-1802
repo	www.repo.red-soft.ru/redos/7.3c/x86_64/updates/
goslinux	www.goslinux.fssp.gov.ru/2726972/
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.5/
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-22-799/
security	www.security.ublinux.ru/AVG-40
ubuntu	www.ubuntu.com/security/CVE-2022-1802
ubuntu	www.ubuntu.com/security/notices/USN-5434-1
ubuntu	www.ubuntu.com/security/notices/USN-5435-1

21 Nov 2023 00:00Current

CVSS 38.8

CVSS 210

EPSS0.67932

mozilla firefox firefox esr thunderbird code generation errors privileged context javascript execution array method