CVE-2014-8632

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Seamonkey
Vendor: CVE Published:; 11 December 2014

Summary

The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.

References

https://security.gentoo.org/glsa/201504-01

vendor-advisoryx_refsource_GENTOO

http://www.oracle.com/technetwork/topics/security/bulleti...

x_refsource_CONFIRM

http://www.mozilla.org/security/announce/2014/mfsa2014-91...

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 11, 2014
Vulnerability Reserved
Nov 6, 2014