{"id":"CVE-2022-1529","details":"An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR \u003c 91.9.1, Firefox \u003c 100.0.2, Firefox for Android \u003c 100.3.0, and Thunderbird \u003c 91.9.1.","modified":"2026-03-13T05:24:25.022219Z","published":"2022-12-22T20:15:13.327Z","related":["ALSA-2022:4769","ALSA-2022:4776","MGASA-2022-0207","SUSE-SU-2022:1808-1","SUSE-SU-2022:1818-1","SUSE-SU-2022:1830-1","SUSE-SU-2022:2062-1","openSUSE-SU-2024:12095-1","openSUSE-SU-2024:12098-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2022-19/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1770048"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1529.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"100.0.2"}]},{"events":[{"introduced":"0"},{"fixed":"91.9.1"}]},{"events":[{"introduced":"0"},{"fixed":"91.9.1"}]},{"events":[{"introduced":"0"},{"fixed":"100.3.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}