
CVE-2022-1802, CVE-2022-1529: Critical Vulnerabilities in Mozilla Firefox

Mozilla released a new version of its Firefox browser (100.0.2) that fixes two critical security vulnerabilities. The patches make this minor update a significant one. Affected versions include Firefox, Firefox ESR, Firefox for Android, and Thunderbird (Firefox 100.0.2, Firefox ESR 91.9.1, Firefox for Android 100.3, Thunderbird 91.9.1).

You should update your browser immediately, as both vulnerabilities could have a critical impact if successfully exploited.

Vulnerabilities Fixed in Mozilla Firefox Version 100.0.2

The latest update fixes two critical issues: CVE-2022-1802 and CVE-2022-1529.

The first vulnerability was discovered by Manfred Paul and reported via Trend Micro’s Zero Day Initiative. According to Mozilla’s advisory, “if an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context.”

The second vulnerability was reported by the same researcher, and it also involves JavaScript. “An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process,” as per the advisory.
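The following is an added illustration of the bug class the advisory describes, not Mozilla's code and not a reproduction of either CVE: a constructed message handler that double-indexes into an object with sender-supplied keys, next to a hardened version. All names (`handleUnsafe`, `handleSafe`, `newTable`, `demoMarker`) are hypothetical.

```javascript
'use strict';
// Constructed example: a message handler that uses two sender-supplied keys
// to index into a table ("double-index"). Names here are hypothetical.
function handleUnsafe(table, msg) {
  // table["__proto__"] resolves to Object.prototype, so the write lands on
  // the prototype shared by every object and, through the chain, every array.
  table[msg.group][msg.name] = msg.value;
}

const RESERVED = new Set(['__proto__', 'constructor', 'prototype']);
function handleSafe(table, msg) {
  for (const key of [msg.group, msg.name]) {
    if (typeof key !== 'string' || RESERVED.has(key)) {
      throw new TypeError('rejected key');
    }
  }
  // Only groups that are the table's own properties may be written to.
  if (!Object.prototype.hasOwnProperty.call(table, msg.group)) {
    throw new RangeError('unknown group');
  }
  table[msg.group][msg.name] = msg.value;
}

function newTable() {
  // Null-prototype objects have no inherited "__proto__" or "constructor".
  const table = Object.create(null);
  table.prefs = Object.create(null);
  return table;
}

function runDemo() {
  const msg = { group: '__proto__', name: 'demoMarker', value: 'polluted' };
  const result = {};
  try {
    handleUnsafe({ prefs: {} }, msg);
    result.unsafeObject = ({}).demoMarker;   // unrelated object sees the write
    result.unsafeArray = [].demoMarker;      // so does every array
  } finally {
    delete Object.prototype.demoMarker;      // undo the pollution
  }
  try {
    handleSafe(newTable(), msg);
    result.safe = 'accepted';
  } catch (err) {
    result.safe = err.message;
  }
  result.afterSafe = ({}).demoMarker;        // undefined: nothing leaked
  return result;
}
```

The hardened handler combines three independent checks: reserved-key rejection, an own-property test on the first index, and null-prototype storage, so a miss in one is still caught by another.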

In March, Mozilla released two out-of-band updates to address a couple of critical zero-day vulnerabilities in its browser. Both vulnerabilities were actively exploited in the wild. The two zero-days, CVE-2022-26485 and CVE-2022-26486, stemmed from use-after-free issues affecting the Extensible Stylesheet Language Transformations (XSLT) parameter processing, as well as the WebGPU inter-process communication framework (IPC).

Milena Dimitrova
