JavaScript Object Property Bypass in Mozilla Firefox
CVE-2015-4478

Currently unrated

Key Information:

Vendor: Canonical
CVE Published: 16 August 2015

Summary

This vulnerability in Mozilla Firefox allows remote attackers to bypass the Same Origin Policy. It arises because Firefox does not impose sufficient ECMAScript 6 requirements on JavaScript object properties, and it is reachable through the reviver parameter of the JSON.parse method. As a result, attacker-supplied JavaScript may be executed in privileged contexts, undermining user security and privacy.
