CVE-2022-1529 log

Severity Critical
Remote Yes
Type Arbitrary code execution
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process.
Group Package Affected Fixed Severity Status Ticket
AVG-2729 thunderbird 91.9.0-1 91.9.1-1 Critical Fixed
AVG-2728 firefox 100.0.1-1 100.0.2-1 Critical Fixed