VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-rs5y-stw3-aaab

Essentials
Severities (93)
References (37)
Severity details (11)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-rs5y-stw3-aaab
Aliases	CVE-2022-1529
Summary	An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-1321	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-843	Access of Resource Using Incompatible Type ('Type Confusion')

System	Score	Found at
rhas	Critical	https://access.redhat.com/errata/RHSA-2022:4729
rhas	Critical	https://access.redhat.com/errata/RHSA-2022:4730
rhas	Critical	https://access.redhat.com/errata/RHSA-2022:4765
rhas	Critical	https://access.redhat.com/errata/RHSA-2022:4766
rhas	Critical	https://access.redhat.com/errata/RHSA-2022:4767
rhas	Critical	https://access.redhat.com/errata/RHSA-2022:4768
rhas	Critical	https://access.redhat.com/errata/RHSA-2022:4769
rhas	Critical	https://access.redhat.com/errata/RHSA-2022:4770
rhas	Critical	https://access.redhat.com/errata/RHSA-2022:4772
rhas	Critical	https://access.redhat.com/errata/RHSA-2022:4773
rhas	Critical	https://access.redhat.com/errata/RHSA-2022:4774
rhas	Critical	https://access.redhat.com/errata/RHSA-2022:4776
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1529.json
epss	0.00210	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.00210	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.00210	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.00210	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.00210	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.00210	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.00210	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.00210	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.00210	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.00210	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.00210	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.01698	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.01698	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.01698	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.01698	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.06915	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.07296	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.07296	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.07296	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.07296	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.07296	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.07296	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.07296	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.07296	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.07296	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.07296	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.07296	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.07296	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.07296	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
epss	0.16519	https://api.first.org/data/v1/epss?cve=CVE-2022-1529
cvssv3.1	8.8	https://bugzilla.mozilla.org/show_bug.cgi?id=1770048
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1770048
rhbs	urgent	https://bugzilla.redhat.com/show_bug.cgi?id=2089218
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	8.8	https://nvd.nist.gov/vuln/detail/CVE-2022-1529
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2022-1529
archlinux	Critical	https://security.archlinux.org/AVG-2728
archlinux	Critical	https://security.archlinux.org/AVG-2729
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2022-19
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2022-19/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2022-19/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1529.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-1529
		https://bugzilla.mozilla.org/show_bug.cgi?id=1770048
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://www.mozilla.org/security/advisories/mfsa2022-19/
2089218		https://bugzilla.redhat.com/show_bug.cgi?id=2089218
AVG-2728		https://security.archlinux.org/AVG-2728
AVG-2729		https://security.archlinux.org/AVG-2729
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
CVE-2022-1529		https://nvd.nist.gov/vuln/detail/CVE-2022-1529
mfsa2022-19		https://www.mozilla.org/en-US/security/advisories/mfsa2022-19
RHSA-2022:4729		https://access.redhat.com/errata/RHSA-2022:4729
RHSA-2022:4730		https://access.redhat.com/errata/RHSA-2022:4730
RHSA-2022:4765		https://access.redhat.com/errata/RHSA-2022:4765
RHSA-2022:4766		https://access.redhat.com/errata/RHSA-2022:4766
RHSA-2022:4767		https://access.redhat.com/errata/RHSA-2022:4767
RHSA-2022:4768		https://access.redhat.com/errata/RHSA-2022:4768
RHSA-2022:4769		https://access.redhat.com/errata/RHSA-2022:4769
RHSA-2022:4770		https://access.redhat.com/errata/RHSA-2022:4770
RHSA-2022:4772		https://access.redhat.com/errata/RHSA-2022:4772
RHSA-2022:4773		https://access.redhat.com/errata/RHSA-2022:4773
RHSA-2022:4774		https://access.redhat.com/errata/RHSA-2022:4774
RHSA-2022:4776		https://access.redhat.com/errata/RHSA-2022:4776
USN-5434-1		https://usn.ubuntu.com/5434-1/
USN-5435-1		https://usn.ubuntu.com/5435-1/

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1529.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1770048

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T15:19:19Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1770048

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1529

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1529

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2022-19/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T15:19:19Z/ Found at https://www.mozilla.org/security/advisories/mfsa2022-19/

Exploit Prediction Scoring System (EPSS)

Percentile	0.59389
EPSS Score	0.00210
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.