⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.
CVE-2022-1802 — Prototype Pollution in Mozilla Firefox
Severity: 8.8 HIGH (NVD)
EPSS: 67.9% (top 1.41%)
CISA KEV: Not in KEV
Exploit: Exploited in wild (active exploitation observed)
Timeline
Published: Dec 22
Description
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 8 packages
🔴 Vulnerability Details (4)
OSV
CVE-2022-1802: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacke… (2022-12-22)
GHSA
GHSA-p859-wprc-3cjx: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacke… (2022-12-22)
CVEList
CVE-2022-1802: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacke… (2022-12-22)
VulnCheck
Mozilla Firefox Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (2022)
📋 Vendor Advisories (5)
Debian
CVE-2022-1802: firefox - If an attacker was able to corrupt the methods of an Array object in JavaScript ... (2022)