Tech Gaming Report

Mozilla's Firefox and Thunderbird: Critical Vulnerabilities in Pwn2Own Closed

Attackers could target two vulnerabilities that Mozilla classifies as “critical” in Firefox, Firefox ESR, Firefox for Android, and Thunderbird and, in the worst case, run their own code. Patched versions are now available.

The two vulnerabilities (CVE-2022-1529, CVE-2022-1802) were disclosed during the Pwn2Own hacking competition. There, one participant successfully attacked the applications using prototype pollution attacks in JavaScript. JavaScript is prototype-based: newly created objects inherit the properties and methods of the object prototype. This prototype-based inheritance is really useful, but it can also be abused.

An attacker only needs to modify the “object” prototype to manipulate all objects and make changes to the entire application. This is exactly what the security researcher did at the competition. He was then able to run his own JavaScript. He received a $100,000 reward for successfully exploiting the vulnerabilities.
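The mechanism described above, shown as an added example in generic JavaScript; it is not the exploit used at Pwn2Own and not code from Mozilla. The function names (`unsafeMerge`, `safeMerge`, `demo`) and the sample JSON input are constructed for illustration.

```javascript
// Added illustration of generic prototype pollution; not the Pwn2Own exploit.
// All names and the sample input are constructed for this example.

// Vulnerable: walks every key, so a nested "__proto__" object is merged
// into Object.prototype (target["__proto__"] resolves to the prototype).
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === "object") {
      if (target[key] === null || typeof target[key] !== "object") target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: rejects keys that reach the prototype chain and only recurses
// into objects the target owns itself.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === "object") {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || target[key] === null || typeof target[key] !== "object") target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Merge the same untrusted JSON both ways and check a fresh, unrelated object.
function demo() {
  const input = JSON.parse('{"theme":{"dark":true},"__proto__":{"polluted":"yes"}}');
  const safeResult = safeMerge({}, input);
  const afterSafe = {}.polluted;          // unaffected
  unsafeMerge({}, input);
  const afterUnsafe = {}.polluted;        // inherited by every object
  delete Object.prototype.polluted;       // undo the pollution
  return { afterSafe, afterUnsafe, afterCleanup: {}.polluted, dark: safeResult.theme.dark };
}

console.log(demo());
```

The unrelated empty object picks up `polluted` only after the unsafe merge, which is why a single write to the shared prototype affects the whole application.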

According to the security advisory, Firefox 100.0.2, Firefox ESR 91.9.1, Firefox for Android 100.3 and Thunderbird 91.9.1 are protected against it.
