ALAS2-2022-1804 --- thunderbirdID: oval:org.secpod.oval:def:1700915 | Date: (C)2022-06-14 (M)2023-11-19 |
Class: PATCH | Family: unix |
The Mozilla Foundation Security Advisory describes this flaw as:An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. he Mozilla Foundation Security Advisory describes this flaw as:If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context