Firefox 100.0.2 update with fixes for critical vulnerabilities

Corrective releases of Firefox 100.0.2, Firefox ESR 91.9.1 and Thunderbird 91.9.1 have been published, fixing two vulnerabilities rated Critical. At the Pwn2Own 2022 competition, currently under way, a working exploit was demonstrated that bypassed sandbox isolation and executed code on the system when a specially crafted page was opened. The author of the exploit was awarded a prize of $100.

The first vulnerability (CVE-2022-1802) is present in the implementation of the await operator and allows methods of the Array object to be corrupted by modifying the prototype property (prototype pollution). The second vulnerability (CVE-2022-1529) allows the prototype property to be modified when unvalidated data is used to index JavaScript objects. The vulnerabilities allow JavaScript code to be executed in a privileged parent process.
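The bug class described above, shown as an added example in plain JavaScript (not Firefox code and not part of the original article): unvalidated keys used to index an object reach `Object.prototype`, next to a hardened variant that rejects them. The names `unsafeStore`, `safeStore`, `registry` and the sample message are hypothetical.

```javascript
// Added illustration of prototype pollution via unvalidated keys.
// unsafeStore, safeStore, registry and the message are hypothetical names.

// Vulnerable pattern: both keys come from an untrusted message and are used
// to index straight into an ordinary object.
function unsafeStore(registry, group, name, value) {
  // group === "__proto__" makes registry[group] resolve to Object.prototype
  registry[group][name] = value;
}

const FORBIDDEN_KEYS = new Set(['__proto__', 'prototype', 'constructor']);

// Hardened pattern: validate every key, follow only own properties, and keep
// the data in prototype-less objects.
function safeStore(registry, group, name, value) {
  for (const key of [group, name]) {
    if (typeof key !== 'string' || FORBIDDEN_KEYS.has(key)) {
      throw new TypeError('rejected key: ' + String(key));
    }
  }
  if (!Object.prototype.hasOwnProperty.call(registry, group)) {
    registry[group] = Object.create(null);
  }
  registry[group][name] = value;
}

function demo() {
  // Constructed sample message from a less-trusted sender.
  const msg = { group: '__proto__', name: 'polluted', value: true };
  const results = {};
  unsafeStore({ prefs: {} }, msg.group, msg.name, msg.value);
  results.unrelatedObjectAffected = ({}).polluted === true;
  results.arrayAffected = [].polluted === true;
  delete Object.prototype.polluted; // undo the pollution before continuing

  const hardened = Object.create(null);
  try {
    safeStore(hardened, msg.group, msg.name, msg.value);
    results.rejected = false;
  } catch (err) {
    results.rejected = err instanceof TypeError;
  }
  results.cleanAfterHardened = ({}).polluted === undefined;
  safeStore(hardened, 'prefs', 'theme', 'dark');
  results.legitimateWrite = hardened.prefs.theme;
  return results;
}

console.log(demo());
```

In the unsafe variant a single write changes what every object and array in the same realm inherits, which is why the pattern is dangerous in a process that later runs privileged code.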

Source: opennet.ru
