XrayWrapper Bypass Vulnerability in Mozilla Firefox and SeaMonkey
CVE-2014-8632

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Seamonkey
Vendor: CVE Published:; 11 December 2014

Summary

The structured-clone implementation in Mozilla Firefox prior to version 34.0 and SeaMonkey prior to version 2.31 is vulnerable due to improper interaction with XrayWrapper property filtering. This flaw enables remote attackers to bypass restrictions on DOM objects by exploiting the availability of properties after the removal of the XrayWrapper, potentially leading to unauthorized access to sensitive data or functionality within the application.

References

https://security.gentoo.org/glsa/201504-01

vendor-advisoryx_refsource_GENTOO

http://www.oracle.com/technetwork/topics/security/bulleti...

x_refsource_CONFIRM

http://www.mozilla.org/security/announce/2014/mfsa2014-91...

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 11, 2014
Vulnerability Reserved
Nov 6, 2014