CVE-2022-1529 An attacker could have sent a message to the parent process and used the contents to double-index into a JavaScript object, leading to attacker-controlled JavaScript executing in the privileged parent process.

The fix was implemented by checking the context when looking up a name in a JavaScript object. If the context is not the current context, then the lookup will fail and an exception will be thrown. This prevents the possible situation where a name was looked up from the constructor of a privileged object in the current process, leading to a remote attack vector. To learn more about the attack vector and the fix, see MozillaZine article:

CVE-2023-1530

The fix was implemented by checking the context when looking up a name in a JavaScript object. If the context is not the current context, then the lookup will fail and an exception will be thrown. This prevents the possible situation where a name was looked up from the constructor of a privileged object in the current process, leading to a remote attack vector. To learn more about the attack vector and the fix, see MozillaZine article:

Other issues with the fix

There are other issues with the fix, in particular a small performance impact. This was expected and did not impact most users.

References

Timeline

Published on: 12/22/2022 20:15:00 UTC
Last modified on: 12/29/2022 16:41:00 UTC

References