The bug could enable an attacker to corrupt the methods of an Array object in JavaScript via prototype pollution, potentially achieving the execution of attacker-controlled JavaScript code in a privileged context.Ī second bug, tracked as CVE-2022-1529, could allow an attacker to send a message to the parent process where the contents could be used to double-index into a JavaScript object, leading to prototype pollution and ultimately allowing attacker-controlled JavaScript executing in the privileged parent process. Tor Browser is a modification of the open source Firefox web browser, which is where the critical vulnerability, tracked as CVE-2022-1802, was found. Tails is warning users to stop using Tor Browser that comes bundled with the privacy-focused operating system (OS), after the discovery of a prototype pollution vulnerability. Critical vulnerability has been fixed upstream, but Tails dev team ‘doesn’t have the capacity to publish an emergency release earlier’
0 kommentar(er)
