SB2022053022 - Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions update for firefox 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022053022

SB2022053022 - Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions update for firefox

Published: May 30, 2022 Updated: August 20, 2022

Security Bulletin ID SB2022053022
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2022-1529)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input within the NotificationsDB module. A remote attacker can trick the victim to visit a specially crafted web page, which passes malicious messages to the parent process where the contents is used to double-index into a JavaScript object. As a result, an attacker can perform prototype pollution and execute arbitrary JavaScript code in the privileged parent process.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.


2) Code Injection (CVE-ID: CVE-2022-1802)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to prototype pollution in Top-Level Await implementation. A remote attacker can trick the victim to visit a specially crafted website, corrupt the methods of an Array object in JavaScript via prototype pollution and execute arbitrary JavaScript code in a privileged context.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.


Remediation

Install update from vendor's website.

References