Access Restriction Bypass in Mozilla Firefox and SeaMonkey
CVE-2014-1526

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Seamonkey
Vendor: CVE Published:; 30 April 2014

What is CVE-2014-1526?

The XrayWrapper implementation in Mozilla Firefox and SeaMonkey allows user-assisted remote attackers to bypass access restrictions. By visiting a specially crafted website in the debugger, attackers can exploit the vulnerability to perform unwrapping operations and execute DOM method calls on unwrapped objects. This can lead to unauthorized actions and exposure of sensitive data.

References

http://lists.opensuse.org/opensuse-updates/2014-05/msg000...

vendor-advisoryx_refsource_SUSE

http://lists.opensuse.org/opensuse-updates/2014-05/msg000...

vendor-advisoryx_refsource_SUSE

http://www.mozilla.org/security/announce/2014/mfsa2014-47...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2014
Vulnerability Reserved
Jan 16, 2014