CVE-2022-1529
published 2022-12-22CVE-2022-1529: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype…
PriorityP277high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
17.10%
96.7th percentile
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 100.0.2-1 (sid) | firefox 100.0.2-1 (sid) |
| debian | firefox-esr | < firefox 100.0.2-1 (sid) | firefox 100.0.2-1 (sid) |
| debian | thunderbird | < firefox 100.0.2-1 (sid) | firefox 100.0.2-1 (sid) |
| mozilla | firefox | < 100.0.2 | 100.0.2 |
| mozilla | firefox | < 100.3.0 | 100.3.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= unspecified < 100.0.2 | 100.0.2 |
| mozilla | firefox_esr | < 91.9.1 | 91.9.1 |
| mozilla | firefox_esr | >= unspecified < 91.9.1 | 91.9.1 |
| mozilla | firefox_for_android | >= unspecified < 100.3.0 | 100.3.0 |
| mozilla | thunderbird | < 91.9.1 | 91.9.1 |
| mozilla | thunderbird | >= 0 < 1:91.10.0-1~deb11u1 | 1:91.10.0-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:91.10.0-1 | 1:91.10.0-1 |
| mozilla | thunderbird | >= 0 < 1:91.10.0-1 | 1:91.10.0-1 |
| mozilla | thunderbird | >= 0 < 1:91.10.0-1 | 1:91.10.0-1 |
| mozilla | thunderbird | >= 0 < 1:91.9.1+build1-0ubuntu0.18.04.1 | 1:91.9.1+build1-0ubuntu0.18.04.1 |
| mozilla | thunderbird | >= 0 < 1:91.9.1+build1-0ubuntu0.20.04.1 | 1:91.9.1+build1-0ubuntu0.20.04.1 |
| mozilla | thunderbird | >= 0 < 1:91.9.1+build1-0ubuntu0.22.04.1 | 1:91.9.1+build1-0ubuntu0.22.04.1 |
| mozilla | thunderbird | >= unspecified < 91.9.1 | 91.9.1 |
Detection & IOCsextracted from sources · hover to see the quote
- →The attack vector involves sending a crafted inter-process message to the Firefox/Thunderbird parent process where untrusted content is used to double-index into a JavaScript object, enabling prototype pollution. Monitor for anomalous IPC messages from child to parent processes in Firefox/Thunderbird. ↗
- →The exploitation mechanism specifically corrupts Array object methods via prototype pollution through IPC messaging. Detection should focus on unexpected modification of Array prototype methods within privileged Firefox parent process JavaScript contexts. ↗
- →Exploitation results in attacker-controlled JavaScript executing in the privileged parent process. Alert on unexpected privileged JS execution originating from content/child process IPC in Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. ↗
- ·Red Hat Enterprise Linux 6 packages for both Firefox and Thunderbird are out of support scope, meaning no vendor patch will be provided for those platforms. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH
vulncheck8.8HIGH
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
vendor_ubuntu4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2022-05-25·CVSS 4.3
CVE-2022-29913 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
bypass permission prompts, obtain sensitive information, bypass security
restrictions, cause user confusion, or execute arbitrary code.
(CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29913,
CVE-2022-29914, CVE-2022-29916, CVE-2022-29917)
It was discovered that Thunderbird would show the wrong security status
after viewing an attached message that is signed or encrypted. An attacker
could potentially exploit this by tricking the user into trusting the
authenticity of a
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2022-05-23
CVE-2022-1529 Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to execute JavaScript in a privileged context if it
opened a malicious website.
It was discovered that the methods of an Array object could be corrupted
as a result of prototype pollution by sending a message to the parent
process. If a user were tricked into opening a specially crafted website,
an attacker could exploit this to execute JavaScript in a privileged
context.
Instructions: After a standard system update you need to restart Firefox to make
all the necessary changes.
Red Hat
Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution
vendor_redhat·2022-05-20·CVSS 8.8
CVE-2022-1529 [HIGH] CWE-843 Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution
Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process.
Package: fi
Debian
CVE-2022-1529: firefox - An attacker could have sent a message to the parent process where the contents w...
vendor_debian·2022·CVSS 8.8
CVE-2022-1529 [HIGH] CVE-2022-1529: firefox - An attacker could have sent a message to the parent process where the contents w...
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
Scope: local
sid: resolved (fixed in 100.0.2-1)
Mozilla
Mozilla Foundation Security Advisory 2022-19: CVE-2022-1529
vendor_mozilla·CVSS 8.8
CVE-2022-1529 [HIGH] Mozilla Foundation Security Advisory 2022-19: CVE-2022-1529
Mozilla Foundation Security Advisory 2022-19
CVE: CVE-2022-1529
Product: Firefox, Firefox ESR, Firefox for Android, Thunderbird
Impact: critical
Fixed in: Firefox 100.0.2
Firefox ESR 91.9.1
Firefox for Android 100.3
Thunderbird 91.9.1
GHSA
GHSA-grr5-5v7v-g4c4: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototyp
ghsa_unreviewed·2022-12-22
CVE-2022-1529 [HIGH] CWE-1321 GHSA-grr5-5v7v-g4c4: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototyp
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
OSV
CVE-2022-1529: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototyp
osv·2022-12-22·CVSS 8.8
CVE-2022-1529 [HIGH] CVE-2022-1529: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototyp
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
OSV
thunderbird vulnerabilities
osv·2022-05-25·CVSS 4.3
CVE-2022-29909 [MEDIUM] thunderbird vulnerabilities
thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
bypass permission prompts, obtain sensitive information, bypass security
restrictions, cause user confusion, or execute arbitrary code.
(CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29913,
CVE-2022-29914, CVE-2022-29916, CVE-2022-29917)
It was discovered that Thunderbird would show the wrong security status
after viewing an attached message that is signed or encrypted. An attacker
could potentially exploit this by tricking the user into trusting the
authenticity of a message. (CVE-2022-1520)
It was discovered that the methods of an A
VulnCheck
Mozilla Firefox Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
vulncheck·2022·CVSS 8.8
CVE-2022-1529 [HIGH] Mozilla Firefox Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Mozilla Firefox Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
Affected: Mozilla Firefox
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://securelist.com/it-threat-evolution-in-q2-2022-non-mobile-statistics/107133/
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities
blogs_talos·2022-12-01·CVSS 6.5
CVE-2022-32573 [MEDIUM] Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities
Cisco Talos recently discovered several directory traversal and cross-site scripting vulnerabilities in Lansweeper.
Lansweeper is an IT Asset Management solution that gathers hardware and software information of computers and other devices on a computer network for management, compliance and audit purposes.
Talos has identified two directory traversal vulnerabilities that can lead to arbitrary file upload: TALOS-2022-1528 (CVE-2022-32573) and TALOS-2022-1529 (CVE-2022-29517). Two other vulnerabilities exist where directory traversal can lead to arbitrary file read: TALOS-2022-1530 (CVE-2022-29511) and TALOS-2022-1531 (CVE-2022-27498). An attacker can send an HTTP request to trigger these vulnerabilities.
Both TALOS-2022-1532 (CVE-2022-28703) and TALOS-2022-1541 (CVE-2022-32763) are cros
Talos
Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities
blogs_talos·2022-12-01·CVSS 6.5
[MEDIUM] Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities
## Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities
Cisco Talos recently discovered several directory traversal and cross-site scripting vulnerabilities in Lansweeper.
Lansweeper is an IT Asset Management solution that gathers hardware and software information of computers and other devices on a computer network for management, compliance and audit purposes.
Talos has identified two directory traversal vulnerabilities that can lead to arbitrary file upload: TALOS-2022-1528 (CVE-2022-32573) and TALOS-2022-1529 (CVE-2022-29517). Two other vulnerabilities exist where directory traversal can lead to arbitrary file read: TALOS-2022-1530 (CVE-2022-29511) and TALOS-2022-1531 (CVE-2022-27498). An attacker can send an HTTP request to trigger these
Securelist
Non-mobile malware statistics, Q2 2022
blogs_securelist·2022-08-15
Non-mobile malware statistics, Q2 2022
Table of Contents
- Quarterly figures
- Financial threats
- Ransomware programs
- Miners
- Vulnerable applications used by criminals during cyberattacks
- Attacks on macOS
- IoT attacks
- Attacks via web resources
- Local threats
Authors
- AMR
- IT threat evolution in Q2 2022
- IT threat evolution in Q2 2022. Non-mobile statistics
- IT threat evolution in Q2 2022. Mobile statistics
These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data.
## Quarterly figures
According to Kaspersky Security Network, in Q2 2022:
- Kaspersky solutions blocked 1,164,544,060 attacks from online resources across the globe.
- Web Anti-Virus recognized 273,033,368 unique URLs as malicious. Attempts to run malware fo
Checkpoint
30th May – Threat Intelligence Report
blogs_checkpoint·2022-05-30
CVE-2022-26833 30th May – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 30th May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 30th May, please download our Threat Intelligence Bulletin .
Top Attacks and Breaches
Check Point Research reported how the Conti ransom group has taken cybercrime to a new, geopolitical level. They intervene in the internal politics of Costa Rica, the relationship between Costa Rica and the US, and basically moved the ransomware gangs to a new business stage of country extortion.
Check Point Harmony Endpoint and
2022-12-22
Published
Exploited in the wild