419 matches found
VulnCheck KEV: CVE-2022-1802
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android...
Rocky Linux 8 : thunderbird (RLSA-2022:4769)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:4769 advisory. - If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of...
Amazon Linux 2 : thunderbird (ALAS-2022-1804)
The version of thunderbird installed on the remote host is prior to 91.9.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1804 advisory. The Mozilla Foundation Security Advisory describes this flaw as:An attacker could have sent a message to the parent...
Mozilla: Prototype pollution in Top-Level Await implementation
The Mozilla Foundation Security Advisory describes this flaw as: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context...
Mozilla: Prototype pollution in Top-Level Await implementation
The Mozilla Foundation Security Advisory describes this flaw as: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context...
Mozilla: Prototype pollution in Top-Level Await implementation
The Mozilla Foundation Security Advisory describes this flaw as: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context...
Mozilla: Prototype pollution in Top-Level Await implementation
The Mozilla Foundation Security Advisory describes this flaw as: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context...
Mozilla: Prototype pollution in Top-Level Await implementation
The Mozilla Foundation Security Advisory describes this flaw as: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context...
Mozilla: Prototype pollution in Top-Level Await implementation
The Mozilla Foundation Security Advisory describes this flaw as: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context...
Mozilla: Prototype pollution in Top-Level Await implementation
The Mozilla Foundation Security Advisory describes this flaw as: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context...
Mozilla: Prototype pollution in Top-Level Await implementation
The Mozilla Foundation Security Advisory describes this flaw as: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context...
Adobe Reader and Acrobat Sandbox Bypass Vulnerability
Adobe Reader and Acrobat on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context...
SUSE SLED15: MozillaFirefox / MozillaFirefox-branding-upstream / etc (SUSE-SU-2022:1830-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1830-1 advisory. Firefox Extended Support Release 91.9.1 ESR - MFSA 2022-19 bsc1199768: - CVE-2022-1802: Prototyp...
Mozilla: Prototype pollution in Top-Level Await implementation
The Mozilla Foundation Security Advisory describes this flaw as: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context...
SUSE SLES15: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2022:1818-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1818-1 advisory. Firefox Extended Support Release 91.9.1 ESR - MFSA 2022-19 bsc1199768: - CVE-2022-1802: Prototype pollution in Top-Level Await...
Debian DLA-3021-1 : firefox-esr - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3021 advisory. Manfred Paul discovered two security issues in the Mozilla Firefox web browser, which could result in the execution of arbitrary code. For Debian 9 stretch, these...
USN-5434-1: Firefox vulnerabilities
It was discovered that the methods of an Array object could be corrupted as a result of prototype pollution by sending a message to the parent process. If a user were tricked into opening a specially crafted website, an attacker could exploit this to execute JavaScript in a privileged context...
CVE-2022-1802
The Mozilla Foundation Security Advisory describes this flaw as: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context...
UBUNTU-CVE-2022-1802
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0,...
Debian DSA-5143-1 : firefox-esr - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5143 advisory. - If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of...