Remote Code Execution Vulnerability in Mozilla Firefox and SeaMonkey
CVE-2014-8631

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Seamonkey
Vendor: CVE Published:; 11 December 2014

Summary

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox versions prior to 34.0 and SeaMonkey versions before 2.31 is susceptible to a security flaw that permits remote attackers to circumvent established DOM object restrictions. This is achieved through the invocation of an unspecified method, which could lead to unauthorized actions on behalf of the user, enhancing the risk of potential exploitation and compromise of sensitive data.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=821573

x_refsource_CONFIRM

https://security.gentoo.org/glsa/201504-01

vendor-advisoryx_refsource_GENTOO

http://www.oracle.com/technetwork/topics/security/bulleti...

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 11, 2014
Vulnerability Reserved
Nov 6, 2014