The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2014-12-11T11:00:00

Updated: 2024-08-06T13:26:02.195Z

Reserved: 2014-11-06T00:00:00

Link: CVE-2014-8632

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-12-11T11:59:13.837

Modified: 2024-11-21T02:19:29.080

Link: CVE-2014-8632

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-12-03T00:00:00Z

Links: CVE-2014-8632 - Bugzilla