CVE-2022-1529

CVSS V2 None CVSS V3 None
Description
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
Overview
  • CVE ID
  • CVE-2022-1529
  • Assigner
  • security@mozilla.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-22T20:15:13
  • Last Modified Date
  • 2022-12-29T16:41:34
Weakness Enumerations
CWE URL
CWE-1321 http://cwe.mitre.org/data/definitions/1321.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* 1 OR 100.0.2
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* 1 OR 91.9.1
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* 1 OR 91.9.1
AND
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* 1 OR 100.3.0
cpe:2.3:o:google:android:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=1770048
https://www.mozilla.org/security/advisories/mfsa2022-19/
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-1529
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529
History
Created Old Value New Value Data Type Notes
2022-12-22 20:15:56 Added to TrackCVE
2022-12-22 22:15:07 2022-12-22T21:43:11 CVE Modified Date updated
2022-12-22 22:15:07 Received Awaiting Analysis Vulnerability Status updated
2022-12-27 11:15:59 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-29 17:14:27 2022-12-29T16:41:34 CVE Modified Date updated
2022-12-29 17:14:27 Undergoing Analysis Analyzed Vulnerability Status updated
2022-12-29 17:14:28 Weakness Enumeration new
2022-12-29 17:14:30 CPE Information updated