The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2014-12-11T11:00:00
Updated: 2024-08-06T13:26:02.195Z
Reserved: 2014-11-06T00:00:00
Link: CVE-2014-8632
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-12-11T11:59:13.837
Modified: 2024-11-21T02:19:29.080
Link: CVE-2014-8632
Redhat