Description
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Mozilla / Firefoxunspecified – 100.0.2
- Mozilla / Firefox ESRunspecified – 91.9.1
- Mozilla / Firefox for Androidunspecified – 100.3.0
- Mozilla / Thunderbirdunspecified – 91.9.1