![]() ![]() “An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process,” the company says. The second vulnerability, which is documented in CVE-2022-1529, is an untrusted input used in Javascript object indexing, and Mozilla says it also leads to prototype pollution. “If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context,” Mozilla says. The first bug is a prototype pollution in Top-Level Audit implementation. Mozilla has flagged both security fixes with a critical severity rating, revealing they were reported by researcher Manfred Paul of Trend Micro’s Zero Day initiative. ![]() ![]() This is because the new update, which brings the browser to version 100.0.2, includes two critical security fixes, so obviously, everybody is recommended to install it as soon as possible. Mozilla has just released a new Firefox version, and this time, the minor revision is actually pretty big news in terms of security. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |