What is CVE-2022-1802?

CVE-2022-1802 is a vulnerability that allows an attacker to execute malicious JavaScript code in a privileged context by corrupting the methods of an Array object in JavaScript through prototype pollution.

Which software is affected by CVE-2022-1802?

Mozilla Firefox ESR versions prior to 91.9.1, Mozilla Firefox versions prior to 100.0.2, Mozilla Thunderbird versions prior to 91.9.1, and Mozilla Firefox for Android versions prior to 100.3 are affected.

What is the severity of CVE-2022-1802?

CVE-2022-1802 has a severity score of 8.8, which is classified as critical.

How can I fix CVE-2022-1802?

To fix CVE-2022-1802, you should update your Mozilla Firefox, Mozilla Thunderbird, or Mozilla Firefox for Android to the corresponding patched versions (Firefox ESR 91.9.1, Firefox 100.0.2, Thunderbird 91.9.1, Firefox for Android 100.3).

Where can I find more information about CVE-2022-1802?

You can find more information about CVE-2022-1802 on the Mozilla Bugzilla page (https://bugzilla.mozilla.org/show_bug.cgi?id=1770137) and the Mozilla security advisories (https://www.mozilla.org/en-US/security/advisories/mfsa2022-19/ and https://www.mozilla.org/security/advisories/mfsa2022-19/).

Vulnerability/
CVE-2022-1802

high

8.8

CWE

1321

20/5/2022

22/12/2022

3/8/2024

CVE-2022-1802

First published: Fri May 20 2022(Updated: )

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context.

Credit: security@mozilla.org

Affected Software	Affected Version	How to fix
Mozilla Firefox	<100.0.2
Mozilla Firefox ESR	<91.9.1
Mozilla Thunderbird	<91.9.1
Mozilla Firefox	<100.3.0
Google Android
Mozilla Firefox	<100.0.2	100.0.2
Mozilla Firefox ESR	<91.9.1	91.9.1
All of
Mozilla Firefox	=100.3
Google Android
Mozilla Thunderbird	<91.9.1	91.9.1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

MFSA2022-19

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2022-1802?
CVE-2022-1802 is a vulnerability that allows an attacker to execute malicious JavaScript code in a privileged context by corrupting the methods of an Array object in JavaScript through prototype pollution.
Which software is affected by CVE-2022-1802?
Mozilla Firefox ESR versions prior to 91.9.1, Mozilla Firefox versions prior to 100.0.2, Mozilla Thunderbird versions prior to 91.9.1, and Mozilla Firefox for Android versions prior to 100.3 are affected.
What is the severity of CVE-2022-1802?
CVE-2022-1802 has a severity score of 8.8, which is classified as critical.
How can I fix CVE-2022-1802?
To fix CVE-2022-1802, you should update your Mozilla Firefox, Mozilla Thunderbird, or Mozilla Firefox for Android to the corresponding patched versions (Firefox ESR 91.9.1, Firefox 100.0.2, Thunderbird 91.9.1, Firefox for Android 100.3).
Where can I find more information about CVE-2022-1802?
You can find more information about CVE-2022-1802 on the Mozilla Bugzilla page (https://bugzilla.mozilla.org/show_bug.cgi?id=1770137) and the Mozilla security advisories (https://www.mozilla.org/en-US/security/advisories/mfsa2022-19/ and https://www.mozilla.org/security/advisories/mfsa2022-19/).

agent/type
agent/first-publish-date
agent/last-modified-date
collector/nvd-index
agent/software-canonical-lookup-request
collector/mozilla-advisory
vendor/mozilla
vendor/firefox
vendor/firefox esr
vendor/google
vendor/android
vendor/thunderbird
agent/weakness
agent/author
agent/severity
agent/event
agent/references
agent/tags
agent/description
source/Mozilla
agent/software-canonical-lookup
agent/softwarecombine
collector/mitre-cve
source/MITRE
canonical/mozilla firefox
canonical/mozilla firefox esr
canonical/mozilla thunderbird
canonical/google android
version/mozilla firefox/100.3