Mozilla has just released a new version of Firefox browser, but this minor revision is not small in terms of security. The new update brings the browser to version 100.0.2, including two key security fixes. Mozilla has marked these two security fixes as serious. They were reported by Manfred Paul, a researcher of trend technology's zero day program. We recommend that you install them as soon as possible.
Download address:
The first vulnerability relates to a prototype contamination in the implementation of top-level audit.
Mozilla said: "if an attacker can destroy the method of array object in JavaScript through prototype pollution, they can execute JavaScript code controlled by the attacker in a privileged environment."
The second vulnerability, recorded in cve-2022-1529, is an untrusted input for JavaScript object indexing, which Mozilla said also caused prototype contamination.
"The company said:" an attacker may send a message to the parent process, in which the content is used to double index a JavaScript object, resulting in prototype pollution, and finally execute the attacker controlled JavaScript in the privileged parent process. "
As mentioned earlier, all users are advised to update to the latest version of Firefox as soon as possible, especially considering security issues.
Third party statistics show that Google Chrome browser is the number one choice in the market, with a market share of nearly 70%. The runner up is currently owned by Microsoft edge, and Firefox browser is the only influential non chromium browser in the market.