Mozilla patches two critical security issues in Firefox and Thunderbird

Mozilla published updates for its Firefox and Firefox ESR web browsers on May 20, 2022. The Thunderbird development team released a patch for the email client as well. The security updates patch two critical security issues in the Firefox web browser and Thunderbird.
Here is the list of products with updates:
- Firefox 100.0.2
- Firefox ESR 91.9.1
- Firefox for Android 100.3
- Thunderbird 91.9.1
The updates are available already, and most user installations will be updated automatically. Desktop users who don't want to wait until that happens may run a manual check for updates to speed up the installation.
- Firefox: select Menu > Help > About Firefox. Firefox runs a manual check for updates. Any update that is found will be downloaded and installed.
- Thunderbird: select Help > About Thunderbird. Thunderbird will also check for updates and install any that it finds.
Note: Firefox for Android is updated via Google Play. There is no option to speed up the delivery of updates on Android via Google Play.
The official release notes list a single entry that confirms the security nature of the update. Mozilla published a security advisory for all affected versions of the web browser that provides additional details on the issues:
There, users find out that two security issues have been patched in the update. Both issues have the severity rating of critical, the highest rating that is available. They were reported to Mozilla by Manfred Paul via Trend Micro's Zero Day Initiative.
CVE-2022-1802: Prototype pollution in Top-Level Await implementation
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context.
CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process.
The linked bug reports are restricted. Mozilla makes no mention of attacks in the wild that target these vulnerabilities.
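The advisory contains no code and the bug reports are restricted, so the following is an added, generic illustration of the bug class named in CVE-2022-1529 (untrusted keys used to double-index a JavaScript object) next to a hardened form; it is not Mozilla's code. The message shape and the names `handleMessageUnsafe`, `handleMessageSafe`, `makeStore` and `demo` are hypothetical.

```javascript
// Constructed example: a privileged-side settings store updated from messages
// sent by a less-privileged sender. All names here are hypothetical.

// Weak form: both keys come straight from the message. A "group" of
// "__proto__" resolves to Object.prototype, so the write lands on every object.
function handleMessageUnsafe(store, msg) {
  store[msg.group][msg.key] = msg.value;
}

const FORBIDDEN_KEYS = new Set(["__proto__", "prototype", "constructor"]);

// Null-prototype objects have no inherited __proto__ accessor to walk through.
function makeStore() {
  const store = Object.create(null);
  store.prefs = Object.create(null);
  return store;
}

// Hardened form: type-check the keys, reject prototype-related names, and only
// index into groups that are own properties registered by the receiver.
function handleMessageSafe(store, msg) {
  const { group, key, value } = msg;
  if (typeof group !== "string" || typeof key !== "string") return false;
  if (FORBIDDEN_KEYS.has(group) || FORBIDDEN_KEYS.has(key)) return false;
  if (!Object.prototype.hasOwnProperty.call(store, group)) return false;
  store[group][key] = value;
  return true;
}

function demo() {
  // Constructed hostile message and constructed benign message.
  const hostile = { group: "__proto__", key: "pollutedFlag", value: true };
  const benign = { group: "prefs", key: "theme", value: "dark" };
  const results = {};

  handleMessageUnsafe({ prefs: {} }, hostile);
  results.unsafePolluted = ({}).pollutedFlag === true; // unrelated object affected
  delete Object.prototype.pollutedFlag; // undo the pollution before continuing

  const safeStore = makeStore();
  results.hostileAccepted = handleMessageSafe(safeStore, hostile);
  results.safePolluted = ({}).pollutedFlag === true;
  results.benignAccepted = handleMessageSafe(safeStore, benign);
  results.theme = safeStore.prefs.theme;
  return results;
}

console.log(demo());
```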
Firefox and Thunderbird users may want to update their applications quickly to protect them against attacks targeting these issues.
Now You: when do you update your applications?


You said that Outlook isn’t your main email client, so which is your main one?
I think it’s Thunderbird
It is Mozilla Thunderbird.
Awesome! This actually solved my problem… what a stupid bug.
If this is the same bug that I’ve encountered, there may be another fix: (1) hover over open Outlook item in Taskbar, cursor up to hover over Outlook window item, and right-click; (2) this should give you Restore / Move / Size / Minimize / Maximize — choose Move or Size; (3) use your cursor keys, going arbitrarily N/S/E/W, to try to move or size the Outlook window back into view. Basically, the app behaves as though it were open in a 0x0 window, or at a location that’s offscreen, and this will frequently work to resize and/or move the window. Don’t forget to close while resized/moved, so that Outlook remembers the size/position for next time.
THANK YOU Claude!!! I could get the main window to launch but could not get any other message window to show on the desktop. You are my hero!!!!
Solved my issue! 6 years later and this is still a problem…
Fantastic. Thank you. Size did the trick.
This solved my Outlook problem, too. Thank you. :)
Thank you so much, this started happening to me today and was causing big problems. You are a life saver, I hope I can help you in some way some day.
You are a god – thank you!
Thanks a lot…. works like a charm.. :-)
Yah…thanks Claude. I’ve been having the same problem and tried all the suggestions…your solution was the answer. It had resized itself to a 0/0 box. Cheers
Excellent post. This had me baffled even trying to accurately describe the problem. This fixed it for me.
Thank you
Thanks a lot for the article. Don’t know why it happened, don’t know how it got fixed, but it was really annoying and now it works :-)
Thanks a lot. I was facing this issue for the past 3 weeks. I tried everything but no resolution. The issue was happening intermittently and mainly when I was changing the display of screen (as I use 2 monitors). The only option I had was to do system restore. But thanks to you.
I’ve been trying to solve this problem for 12 hours. Your comment about changing the display of screen helped me a lot!! Thanks!!
Thank you…don’t know why this happened but your instructions helped me fix it. Running Windows 10 and office pro 2007
Great tip! Thanks!
Worked for me, too – thank you!!!
It worked for me, too
thank you very much!
I had a similar issue with Outlook 2013 on Windows 10 and this helped me to fix it. Thank you very much!
Thank you so much. Solved!
Considering you published this in 2012, incredible it has not been debugged by Microsoft.
Thank you again. M
This problem was faced by only one user logging in to TS 2008 R2 using Outlook 2010. The issue was resolved.
Thanks.
Great tip. Thank you!!!! If it helps, I had to use the Control Key and the arrow keys at the same time to bring my window back into view. Worked like a charm.
Thank you, this worked !!!!
Man, you are a fucking god. Thanks a lot, what an annoying bug!!
Awesome, this post solved the issue. Many thanks!