VulnerableCode Package Details - pkg:alpm/archlinux/firefox@100.0.1-1

Search for packages

Package details: pkg:alpm/archlinux/firefox@100.0.1-1

Essentials
History (6)

purl	pkg:alpm/archlinux/firefox@100.0.1-1

Next non-vulnerable version	101.0-1
Latest non-vulnerable version	101.0-1
Risk	4.5

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-m9hk-hpu3-aaap Aliases: CVE-2022-1802	If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.	100.0.2-1 Affected by 11 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rs5y-stw3-aaab Aliases: CVE-2022-1529	An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.	100.0.2-1 Affected by 11 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:44:03.201987+00:00	Arch Linux Importer	Affected by	VCID-rs5y-stw3-aaab	https://security.archlinux.org/AVG-2728	36.0.0
2025-03-28T07:44:03.175124+00:00	Arch Linux Importer	Affected by	VCID-m9hk-hpu3-aaap	https://security.archlinux.org/AVG-2728	36.0.0
2024-09-18T01:59:11.246290+00:00	Arch Linux Importer	Affected by	VCID-rs5y-stw3-aaab	https://security.archlinux.org/AVG-2728	34.0.1
2024-09-18T01:59:11.223928+00:00	Arch Linux Importer	Affected by	VCID-m9hk-hpu3-aaap	https://security.archlinux.org/AVG-2728	34.0.1
2024-01-03T22:25:28.889976+00:00	Arch Linux Importer	Affected by	VCID-rs5y-stw3-aaab	https://security.archlinux.org/AVG-2728	34.0.0rc1
2024-01-03T22:25:28.868310+00:00	Arch Linux Importer	Affected by	VCID-m9hk-hpu3-aaap	https://security.archlinux.org/AVG-2728	34.0.0rc1