CVE-2014-8632

MEDIUM

Description

The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.

References

http://www.mozilla.org/security/announce/2014/mfsa2014-91.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1050340

https://security.gentoo.org/glsa/201504-01

Details

Source: MITRE

Published: 2014-12-11

Updated: 2016-12-22

Type: CWE-284

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM