The Mozilla Foundation has patched two Critical risk vulnerabilities in Firefox 100.0.2.
An attacker could exploit these vulnerabilities to take control of impacted systems.
As part of Mozilla Foundation Security Advisory 2022-19, Firefox 100.0.2 addressed the following Critical severity vulnerabilities:
- CVE-2022-1802: Prototype pollution in Top-Level Await implementation
Each of the issues are also fixed in Firefox ESR 91.9.1, Firefox for Android 100.3, and Thunderbird 91.9.1.
- Mozilla releases Firefox 100 with fixes for 6 High severity vulnerabilities
- CISA adds 11 vulnerabilities to Known Exploited Vulnerabilities Catalog (including recent Firefox zero-days)