New Update Mozilla releases Firefox 100: here is what is new

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,003
Mozilla published a security advisory for all affected versions of the web browser that provide additional details on the issues:

There, users find out that two security issues have been patched in the update. Both issues have the severity rating of critical, the highest rating that is available. They were reported to Mozilla by Manfred Paul via Trend Micro's Zero Day Initiative.
CVE-2022-1802: Prototype pollution in Top-Level Await implementation
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context.

CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process.

The linked bug reports are restricted. Mozilla makes no mention of attacks in the wilds that target these vulnerabilities.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top