Show plain JSON{"affected_release": [{"advisory": "RHSA-2022:4729", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:91.9.1-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-05-24T00:00:00Z"}, {"advisory": "RHSA-2022:4730", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:91.9.1-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-05-24T00:00:00Z"}, {"advisory": "RHSA-2022:4769", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:91.9.1-1.el8_6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-27T00:00:00Z"}, {"advisory": "RHSA-2022:4776", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:91.9.1-1.el8_6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-27T00:00:00Z"}, {"advisory": "RHSA-2022:4767", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "firefox-0:91.9.1-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-05-27T00:00:00Z"}, {"advisory": "RHSA-2022:4770", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "thunderbird-0:91.9.1-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-05-27T00:00:00Z"}, {"advisory": "RHSA-2022:4768", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "firefox-0:91.9.1-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-05-27T00:00:00Z"}, {"advisory": "RHSA-2022:4773", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "thunderbird-0:91.9.1-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-05-26T00:00:00Z"}, {"advisory": "RHSA-2022:4766", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "firefox-0:91.9.1-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-05-27T00:00:00Z"}, {"advisory": "RHSA-2022:4774", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "thunderbird-0:91.9.1-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-05-27T00:00:00Z"}, {"advisory": "RHSA-2022:4765", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:91.9.1-1.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-05-27T00:00:00Z"}, {"advisory": "RHSA-2022:4772", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:91.9.1-1.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-05-27T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution", "id": "2089218", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089218"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-843", "details": ["An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.", "The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process."], "name": "CVE-2022-1529", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2022-05-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-1529\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1529\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-19/#CVE-2022-1529"], "threat_severity": "Critical"}