Thunderbird Security Fix 91.9.1

Der kostenlose Mailclient, Thunderbird, erhielt das Security Update 91.9.1. Das Update schließt zwei Sicherheitslücken die als kritisch angestuft wurden.

Thunderbird Security 91.9.1 Release Notes

Mozilla Foundation Security Advisory 2022-19

Security Vulnerabilities fixed in Firefox 100.0.2, Firefox for Android 100.3.0, Firefox ESR 91.9.1, Thunderbird 91.9.1

AnnouncedMay 20, 2022ImpactcriticalProductsFirefox, Firefox ESR, Firefox for Android, ThunderbirdFixed in

• Firefox 100.0.2
• Firefox ESR 91.9.1
• Firefox for Android 100.3
• Thunderbird 91.9.1

#CVE-2022-1802: Prototype pollution in Top-Level Await implementation

ReporterManfred Paul via Trend Micro’s Zero Day InitiativeImpactcritical

Description

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context.

References

• Bug 1770137

#CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution

ReporterManfred Paul via Trend Micro’s Zero Day InitiativeImpactcritical

Description

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process.

References

• Bug 1770048

Quelle: https://www.mozilla.org/en-US/security/advisories/mfsa2022-19/