Thunderbird Security Fix 91.9.1

Thunderbird Logo
Thunderbird Logo

Der kostenlose Mailclient, Thunderbird, erhielt das Security Update 91.9.1. Das Update schließt zwei Sicherheitslücken die als kritisch angestuft wurden.

Thunderbird Security 91.9.1 Release Notes

Mozilla Foundation Security Advisory 2022-19

Security Vulnerabilities fixed in Firefox 100.0.2, Firefox for Android 100.3.0, Firefox ESR 91.9.1, Thunderbird 91.9.1

AnnouncedMay 20, 2022ImpactcriticalProductsFirefox, Firefox ESR, Firefox for Android, ThunderbirdFixed in

  • Firefox 100.0.2
  • Firefox ESR 91.9.1
  • Firefox for Android 100.3
  • Thunderbird 91.9.1

#CVE-2022-1802: Prototype pollution in Top-Level Await implementation

ReporterManfred Paul via Trend Micro’s Zero Day InitiativeImpactcritical

Description

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context.

References

#CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution

ReporterManfred Paul via Trend Micro’s Zero Day InitiativeImpactcritical

Description

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process.

References

Quelle: https://www.mozilla.org/en-US/security/advisories/mfsa2022-19/

Ersten Kommentar schreiben

Antworten

Deine E-Mail-Adresse wird nicht veröffentlicht.


*