CVE-2022-1802
published 2022-12-22

Priority: P180 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 26.71% (97.8th percentile)

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.

Affected

19 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 100.0.2-1 (sid) | firefox 100.0.2-1 (sid) |
| debian | firefox-esr | < firefox 100.0.2-1 (sid) | firefox 100.0.2-1 (sid) |
| debian | thunderbird | < firefox 100.0.2-1 (sid) | firefox 100.0.2-1 (sid) |
| mozilla | firefox | < 100.0.2 | 100.0.2 |
| mozilla | firefox | < 100.3.0 | 100.3.0 |
| mozilla | firefox | | |
| mozilla | firefox | >= unspecified < 100.0.2 | 100.0.2 |
| mozilla | firefox_esr | < 91.9.1 | 91.9.1 |
| mozilla | firefox_esr | >= unspecified < 91.9.1 | 91.9.1 |
| mozilla | firefox_for_android | >= unspecified < 100.3.0 | 100.3.0 |
| mozilla | thunderbird | < 91.9.1 | 91.9.1 |
| mozilla | thunderbird | >= 0 < 1:91.10.0-1~deb11u1 | 1:91.10.0-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:91.10.0-1 | 1:91.10.0-1 |
| mozilla | thunderbird | >= 0 < 1:91.10.0-1 | 1:91.10.0-1 |
| mozilla | thunderbird | >= 0 < 1:91.10.0-1 | 1:91.10.0-1 |
| mozilla | thunderbird | >= 0 < 1:91.9.1+build1-0ubuntu0.18.04.1 | 1:91.9.1+build1-0ubuntu0.18.04.1 |
| mozilla | thunderbird | >= 0 < 1:91.9.1+build1-0ubuntu0.20.04.1 | 1:91.9.1+build1-0ubuntu0.20.04.1 |
| mozilla | thunderbird | >= 0 < 1:91.9.1+build1-0ubuntu0.22.04.1 | 1:91.9.1+build1-0ubuntu0.22.04.1 |
| mozilla | thunderbird | >= unspecified < 91.9.1 | 91.9.1 |

Detection & IOCs (extracted from sources)

  • Prototype pollution of Array object methods via inter-process messaging to the parent process can lead to privileged JavaScript execution — monitor for unexpected Array prototype modifications in browser JS engine contexts
  • The vulnerability is rooted in the Top-Level Await implementation — focus code review and sandbox escape detection on Top-Level Await JS execution paths in Firefox/Thunderbird
  • Privileged context JavaScript execution is the end goal — alert on content-process JS executing in chrome/privileged context following Array method corruption
  • Vulnerability affects multiple products and version lines; ensure detection/patching scope covers all listed products
  • Firefox on Red Hat Enterprise Linux 6 and Thunderbird on RHEL 6 are out of support scope — no patch available for those platforms
  • A full system restart of Firefox is required after patching for changes to take effect

CVSS provenance

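| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | | 8.8 | HIGH | |
| vulncheck | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |
| vendor_ubuntu | | 4.3 | MEDIUM | |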