Mozilla developers released versions 100.0.2 and 91.9.1esr of the Firefox browser on May 20, 2022. These are maintenance updates that fix two critical vulnerabilities. Thanks to the reader for the tip.
Firefox 100.0.2 and 91.9.1esr
According to the release notes, the May 20, 2022 update brings the following two critical security fixes to the following products.
- Firefox 100.0.2
- Firefox ESR 91.9.1
- Firefox for Android 100.3
- Thunderbird 91.9.1
- CVE-2022-1802: Prototype pollution in Top-Level Await implementation: If an attacker was able to corrupt the methods of an array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context.
- CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution: An attacker could have sent a message to the parent process whose contents were used to double-index a JavaScript object, leading to prototype pollution and eventual execution of JavaScript under the attacker's control in the privileged parent process.
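The double-indexing pattern described for CVE-2022-1529, reduced to a generic sketch with a hardened handler beside it. This is an added example, not Mozilla's code; the message shape and the names `handleUnsafe`, `handleSafe` and `makeStore` are hypothetical.

```javascript
// Constructed illustration of the bug class only; this is not Firefox code.
// Hypothetical message shape: { group, name, value }, all sender-controlled.

const FORBIDDEN = new Set(["__proto__", "prototype", "constructor"]);

// Vulnerable pattern: both index keys come straight from the message, so
// group = "__proto__" makes store[group] resolve to Object.prototype.
function handleUnsafe(store, msg) {
  store[msg.group][msg.name] = msg.value;
}

function isSafeKey(k) {
  return typeof k === "string" && !FORBIDDEN.has(k);
}

// Hardened pattern: reject prototype-related keys and only index into
// containers that are the store's own properties.
function handleSafe(store, msg) {
  if (!isSafeKey(msg.group) || !isSafeKey(msg.name)) return false;
  if (!Object.prototype.hasOwnProperty.call(store, msg.group)) return false;
  store[msg.group][msg.name] = msg.value;
  return true;
}

// Null-prototype containers have no inherited keys to reach through.
function makeStore() {
  const store = Object.create(null);
  store.prefs = Object.create(null);
  return store;
}

// Constructed hostile message.
const hostile = { group: "__proto__", name: "polluted", value: "yes" };

function demoUnsafe() {
  const store = { prefs: {} };
  handleUnsafe(store, hostile);
  const leaked = ({}).polluted;      // unrelated objects now inherit the key
  delete Object.prototype.polluted;  // undo the pollution after observing it
  return leaked;
}

function demoSafe() {
  const accepted = handleSafe(makeStore(), hostile);
  return { accepted, leaked: ({}).polluted };
}

console.log(demoUnsafe(), demoSafe());
```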
The new Firefox and ESR variants can be downloaded from this web page for various platforms (choose the variant from the list boxes displayed).