PT-2022-2639 · Mozilla+10 · Thunderbird+13

Manfred Paul

Published

2022-05-20

Updated

2025-09-29

CVE-2022-1802

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Firefox ESR versions prior to 91.9.1 Firefox versions prior to 100.0.2 Firefox for Android versions prior to 100.3.0 Thunderbird versions prior to 91.9.1

Description The issue is related to prototype pollution in the Array object in JavaScript, allowing an attacker to execute attacker-controlled JavaScript code in a privileged context. This can be achieved by corrupting the methods of an Array object. The estimated number of potentially affected devices is not provided.

Recommendations For Firefox ESR versions prior to 91.9.1, update to version 91.9.1 or later. For Firefox versions prior to 100.0.2, update to version 100.0.2 or later. For Firefox for Android versions prior to 100.3.0, update to version 100.3.0 or later. For Thunderbird versions prior to 91.9.1, update to version 91.9.1 or later.

Exploit

Fix

Type Confusion

Prototype Pollution

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-843CWE-1321

Related Identifiers

ALSA-2022:4769

ALSA-2022:4776

ALSA-2022_4769

ALSA-2022_4776

ALSA-2025_16880

ALT-PU-2022-1916

ALT-PU-2022-1935

ALT-PU-2022-1941

ALT-PU-2022-1951

ALT-PU-2022-1983

ALT-PU-2022-1990

ALT-PU-2022-2017

ALT-PU-2022-2044

ALT-PU-2022-2053

ALT-PU-2022-2458

ALT-PU-2022-2929

ALT-PU-2022-2930

ALT-PU-2023-1138

ALT-PU-2023-1139

ALT-PU-2023-4336

ALT-PU-2023-4339

BDU:2022-03097

CESA-2022_4769

CESA-2022_4776

CVE-2022-1802

DLA-3021-1

DLA-3041-1

DSA-5143-1

DSA-5158-1

ELSA-2022-4729

ELSA-2022-4730

ELSA-2022-4765

ELSA-2022-4769

ELSA-2022-4772

ELSA-2022-4776

MGASA-2022-0207

OESA-2023-1673

OESA-2023-1674

OESA-2024-1368

OESA-2024-1369

OPENSUSE-SU-2022_1830-1

OPENSUSE-SU-2022_2062-1

OPENSUSE-SU-2024:12095-1

OPENSUSE-SU-2024:12098-1

OPENSUSE-SU-2024:14572-1

RHSA-2022:4729

RHSA-2022:4730

RHSA-2022:4765

RHSA-2022:4766

RHSA-2022:4767

RHSA-2022:4768

RHSA-2022:4769

RHSA-2022:4770

RHSA-2022:4772

RHSA-2022:4773

RHSA-2022:4774

RHSA-2022:4776

RHSA-2022_4729

RHSA-2022_4730

RHSA-2022_4765

RHSA-2022_4769

RHSA-2022_4772

RHSA-2022_4776

RLSA-2022:4769

RLSA-2022:4776

RLSA-2022_4769

RLSA-2022_4776

SUSE-SU-2022:1808-1

SUSE-SU-2022:1818-1

SUSE-SU-2022:1830-1

SUSE-SU-2022:2062-1

SUSE-SU-2022_1808-1

SUSE-SU-2022_1818-1

SUSE-SU-2022_1830-1

SUSE-SU-2022_2062-1

USN-5434-1

USN-5435-1

ZDI-22-799

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Firefox

Firefox Esr

Firefox For Android

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Thunderbird

Ubuntu

PT-2022-2639 · Mozilla+10 · Thunderbird+13

CVE-2022-1802

Weakness Enumeration

Related Identifiers

Affected Products

References · 2247