CVE-2022-2200: Prototype Pollution in Mozilla Firefox

Severity
NVD: 8.8 HIGH
OSV: 6.5
EPSS: 6.2% (top 9.11%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 22

Description

If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (9 packages)

CVEListV5 | mozilla/firefox | unspecified | 102
NVD | mozilla/firefox | < 102.0
CVEListV5 | mozilla/firefox_esr | unspecified | 91.11
CVEListV5 | mozilla/thunderbird | unspecified | 102 (+1)
NVD | mozilla/firefox_esr | < 91.11

Vulnerability Details (5)

OSV | CVE-2022-2200: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileg | 2022-12-22
CVEList | CVE-2022-2200: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileg | 2022-12-22
GHSA | GHSA-8mqx-qm24-g4fh: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileg | 2022-12-22
OSV | thunderbird vulnerabilities | 2022-07-14
OSV | firefox vulnerabilities | 2022-07-05

Vendor Advisories (7)

Ubuntu | Thunderbird vulnerabilities | 2022-07-14
Ubuntu | Firefox vulnerabilities | 2022-07-05
Red Hat | Mozilla: Undesired attributes could be set as part of prototype pollution | 2022-06-28
Debian | CVE-2022-2200: firefox - If an object prototype was corrupted by an attacker, they would have been able t... | 2022
Mozilla | Mozilla Foundation Security Advisory 2022-25: CVE-2022-2200