Mozilla has released an emergency update that fixes a Firefox and Thunderbird 0day exploited by security researchers at the Pwn2Own 2022 hacking challenge. Firefox 100.0.2, Firefox ESR 91.9.1, Firefox for Android 100.3, and Thunderbird 91.9.1 fix two high-severity vulnerabilities. Security researcher Manfred Paul won a $100,000 bounty for demonstrating the exploit on Pwn2Own. The first vulnerability is prototype pollution implemented by Top-Level Await, and the second vulnerability allows an attacker to abuse the Java object index incorrect input validation in a prototype pollution injection attack.
This article is reprinted from: https://www.solidot.org/story?sid=71636
This site is for inclusion only, and the copyright belongs to the original author.