CVE-2022-2200

CVSS 8.8 HIGH | EPSS 23.9% | CWE-1321

In short

An attacker who could corrupt a JavaScript object's prototype could inject malicious attributes into objects, allowing them to execute code with elevated privileges in Firefox and Thunderbird.

Technical detail

CWE-1321 covers prototype pollution, where an attacker manipulates object prototypes to inject arbitrary properties into JavaScript objects. Here this leads to privilege escalation and arbitrary code execution in the context of the affected application. The vulnerability requires the attacker to influence object creation or modification. It affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

Summary generated and translated by AI from the official description.
If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
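
The bug class named under Technical detail (CWE-1321), as an added JavaScript example that is not Firefox or Thunderbird code and not from the advisory: a constructed recursive merge shows how a corrupted `Object.prototype` puts an undesired attribute on an unrelated object, next to a guarded merge and an own-property check that stop it. The functions `merge`, `demo`, `isPrivilegedNaive` and `isPrivilegedOwn` and the `isPrivileged` attribute are hypothetical.

```javascript
// Added illustration of the CWE-1321 bug class; not Firefox or Thunderbird code.
// Every name below (merge, isPrivilegedNaive, ...) is hypothetical.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
const isObject = (v) => v !== null && typeof v === 'object';

// Recursive merge of plain objects. With guarded=false it recurses into whatever
// target[key] resolves to, so the key "__proto__" walks onto Object.prototype.
// With guarded=true it skips prototype-reaching keys and only recurses into
// properties the target itself owns.
function merge(target, source, guarded) {
  for (const key of Object.keys(source)) {
    if (guarded && FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (!isObject(value)) {
      target[key] = value;
      continue;
    }
    const reachable = guarded ? hasOwn(target, key) : true;
    if (!reachable || !isObject(target[key])) target[key] = {};
    merge(target[key], value, guarded);
  }
  return target;
}

// A check that trusts inherited attributes, and one that requires an own property.
const isPrivilegedNaive = (obj) => obj.isPrivileged === true;
const isPrivilegedOwn = (obj) => hasOwn(obj, 'isPrivileged') && obj.isPrivileged === true;

function demo(guarded) {
  // Constructed input: JSON.parse creates "__proto__" as an ordinary own key.
  const untrusted = JSON.parse('{"theme":"dark","__proto__":{"isPrivileged":true}}');
  try {
    const settings = merge({}, untrusted, guarded);
    const unrelated = {}; // never passed to merge
    return {
      theme: settings.theme,
      naive: isPrivilegedNaive(unrelated),
      own: isPrivilegedOwn(unrelated),
    };
  } finally {
    delete Object.prototype.isPrivileged; // undo the pollution for later code
  }
}
```

`demo(false)` runs the unguarded merge and `demo(true)` the guarded one; comparing the `naive` and `own` fields shows which layer stops the inherited attribute from being trusted.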
