Home > Cyber News > CVE-2022-1802, CVE-2022-1529: Critical Vulnerabilities in Mozilla Firefox
CYBER NEWS

CVE-2022-1802, CVE-2022-1529: Critical Vulnerabilities in Mozilla Firefox

by   |  Last Update:  |  0 Comments  

CVE-2022-1802, CVE-2022-1529: Critical Vulnerabilities in Mozilla Firefox
Mozilla released a new version of its Firefox browser (100.0.2) fixing a set of two critical security vulnerabilities. The patches make this minor update quite significant in importance. Affected versions include Firefox, Firefox ESR, Firefox for Android, and Thunderbird (Firefox 100.0.2, Firefox ESR 91.9.1, Firefox for Android 100.3, Thunderbird 91.9.1).

You should update your browser immediately, as both could have a critical impact in case of a successful exploit.




Vulnerabilities Fixed in Mozilla Firefox Version 100.0.2

The latest update fixes two critical issues: CVE-2022-1802 and CVE-2022-1529.

The first vulnerability was discovered by Manfred Paul and reported via Trend Micro’s Zero Day Initiative. According to Mozilla’s advisory, “if an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context.”

The second vulnerability has been reported by the same researcher, and it also involves JavaScript. “An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process,” as per the advisory.

In March, Mozilla released two out-of-band updates to address a couple of critical zero-day vulnerabilities in its browser. Both vulnerabilities were actively exploited in the wild. The two zero-days, CVE-2022-26485 and CVE-2022-26486, stemmed from use-after-free issues affecting the Extensible Stylesheet Language Transformations (XSLT) parameter processing, as well as the WebGPU inter-process communication framework (IPC).

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  2. Which is the Most Secure Browser for 2015 – Firefox, Chrome, Internet Explorer, Safari A Web browser can be two things. A person who...
  3. New Critical Bugs in Firefox, Chrome and Edge (CVE-2020-16044) Users should patch several new browser vulnerabilities affecting Chrome, Firefox,...
  4. CVE-2022-44698, CVE-2022-44710: Microsoft Fixes 2 Zero-Days Another Microsoft Patch Tuesday has rolled out, fixing a total...
  5. VMware Discloses Critical Vulnerabilities CVE-2022-22951, CVE-2022-22952 Two new VMware vulnerabilities have been disclosed, CVE-2022-22951 and CVE-2022-22952,...
  6. CVE-2022-26485, CVE-2022-26486: Critical Firefox Zero-Days Exploited in the Wild Two out-of-band updates were just released to address a couple...
  7. CVE-2020-6819, CVE-2020-6820: Critical Zero-Day Bugs in Firefox Your Firefox browser needs to be patched as soon as...
  8. Top 5 Most Dangerous Microsoft Office Vulnerabilities Let’s see why hackers love exploiting specific Microsoft Office vulnerabilities....

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree