Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
May 23, 2022Rewterz Threat Advisory – CVE-2022-1729 – Linux Kernel Vulnerability
May 24, 2022Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
May 23, 2022Rewterz Threat Advisory – CVE-2022-1729 – Linux Kernel Vulnerability
May 24, 2022Severity
High
Analysis Summary
CVE-2022-1802 CVSS:8.8
Mozilla Firefox, Firefox ESR, Firefox for Android and Thunderbird could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the Top-Level Await implementation. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service condition.
CVE-2022-1529 CVSS:8.8
Mozilla Firefox, Firefox ESR, Firefox for Android and Thunderbird could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the JavaScript object indexing. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service condition.
Impact
- Code Execution
Indicators Of Compromise
CVE
- CVE-2022-1802
- CVE-2022-1529
Affected Vendors
- Mozilla
Affected Products
- Mozilla Firefox 100
- Mozilla Firefox ESR 91.9
- Mozilla Firefox for Android 100
- Mozilla Thunderbird 91.9
Remediation
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.