CVE-2022-1529
published 2022-12-22

Priority: P277 high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 17.10% (96.7th percentile)

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.

Affected

19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 100.0.2-1 (sid) | firefox 100.0.2-1 (sid) |
| debian | firefox-esr | < firefox 100.0.2-1 (sid) | firefox 100.0.2-1 (sid) |
| debian | thunderbird | < firefox 100.0.2-1 (sid) | firefox 100.0.2-1 (sid) |
| mozilla | firefox | < 100.0.2 | 100.0.2 |
| mozilla | firefox | < 100.3.0 | 100.3.0 |
| mozilla | firefox | | |
| mozilla | firefox | >= unspecified < 100.0.2 | 100.0.2 |
| mozilla | firefox_esr | < 91.9.1 | 91.9.1 |
| mozilla | firefox_esr | >= unspecified < 91.9.1 | 91.9.1 |
| mozilla | firefox_for_android | >= unspecified < 100.3.0 | 100.3.0 |
| mozilla | thunderbird | < 91.9.1 | 91.9.1 |
| mozilla | thunderbird | >= 0 < 1:91.10.0-1~deb11u1 | 1:91.10.0-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:91.10.0-1 | 1:91.10.0-1 |
| mozilla | thunderbird | >= 0 < 1:91.10.0-1 | 1:91.10.0-1 |
| mozilla | thunderbird | >= 0 < 1:91.10.0-1 | 1:91.10.0-1 |
| mozilla | thunderbird | >= 0 < 1:91.9.1+build1-0ubuntu0.18.04.1 | 1:91.9.1+build1-0ubuntu0.18.04.1 |
| mozilla | thunderbird | >= 0 < 1:91.9.1+build1-0ubuntu0.20.04.1 | 1:91.9.1+build1-0ubuntu0.20.04.1 |
| mozilla | thunderbird | >= 0 < 1:91.9.1+build1-0ubuntu0.22.04.1 | 1:91.9.1+build1-0ubuntu0.22.04.1 |
| mozilla | thunderbird | >= unspecified < 91.9.1 | 91.9.1 |

Detection & IOCs (extracted from sources)

  • The attack vector involves sending a crafted inter-process message to the Firefox/Thunderbird parent process where untrusted content is used to double-index into a JavaScript object, enabling prototype pollution. Monitor for anomalous IPC messages from child to parent processes in Firefox/Thunderbird.
  • The exploitation mechanism specifically corrupts Array object methods via prototype pollution through IPC messaging. Detection should focus on unexpected modification of Array prototype methods within privileged Firefox parent process JavaScript contexts.
  • Exploitation results in attacker-controlled JavaScript executing in the privileged parent process. Alert on unexpected privileged JS execution originating from content/child process IPC in Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
  • Red Hat Enterprise Linux 6 packages for both Firefox and Thunderbird are out of support scope, meaning no vendor patch will be provided for those platforms.

CVSS provenance

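| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | | 8.8 | HIGH | |
| vulncheck | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |
| vendor_ubuntu | | 4.3 | MEDIUM | |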