USN-5434-1: Firefox vulnerabilities

🗓️ 23 May 2022 13:49:37Reported by UbuntuType

ubuntu

ubuntu🔗 ubuntu.com👁 83 Views

Firefox vulnerabilities in Ubuntu 21.10, 20.04 LTS, and 18.04 ESM due to Array object corruption from prototype pollutio

Reporter	Title	Published	Views	Family All 236
ALT Linux	Security fix for the ALT Linux 10 package thunderbird version 91.9.1-alt1	27 May 202200:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package firefox-esr version 91.9.1-alt1	22 May 202200:00	–	altlinux
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud Pak for Multicloud Management Monitoring.	31 Jan 202314:47	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 102.2ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 - 2022.4.0	15 Nov 202205:24	–	ibm
Tenable Nessus	Amazon Linux 2 : thunderbird (ALAS-2022-1804)	7 Jun 202200:00	–	nessus
Tenable Nessus	AlmaLinux 9 : firefox (ALSA-2022:4765)	16 Nov 202200:00	–	nessus
Tenable Nessus	AlmaLinux 9 : thunderbird (ALSA-2022:4772)	16 Nov 202200:00	–	nessus
Tenable Nessus	CentOS 7 : firefox (RHSA-2022:4729)	9 Oct 202400:00	–	nessus
Tenable Nessus	CentOS 7 : thunderbird (RHSA-2022:4730)	9 Oct 202400:00	–	nessus
Tenable Nessus	Debian DLA-3021-1 : firefox-esr - LTS security update	24 May 202200:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	18.04	any	firefox-locale-nl	100.0.2+build1-0ubuntu0.18.04.1	firefox-locale-nl_100.0.2+build1-0ubuntu0.18.04.1_any.deb
Ubuntu	20.04	any	firefox-locale-nl	100.0.2+build1-0ubuntu0.20.04.1	firefox-locale-nl_100.0.2+build1-0ubuntu0.20.04.1_any.deb
Ubuntu	21.10	any	firefox-locale-nl	100.0.2+build1-0ubuntu0.21.10.1	firefox-locale-nl_100.0.2+build1-0ubuntu0.21.10.1_any.deb

23 May 2022 13:49Current

8.7High risk

Vulners AI Score8.7

CVSS 3.18.8

EPSS0.67932

SSVC

firefox ubuntu vulnerabilities array object prototype pollution privileged context javascript