Описание
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-8636
- https://bugzilla.mozilla.org/show_bug.cgi?id=987794
- https://community.rapid7.com/community/metasploit/blog/2015/03/23/r7-2015-04-disclosure-mozilla-firefox-proxy-prototype-rce-cve-2014-8636
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99964
- https://security.gentoo.org/glsa/201504-01
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html
- http://packetstormsecurity.com/files/130972/Firefox-Proxy-Prototype-Privileged-Javascript-Injection.html
- http://secunia.com/advisories/62242
- http://secunia.com/advisories/62250
- http://secunia.com/advisories/62418
- http://secunia.com/advisories/62446
- http://secunia.com/advisories/62790
- http://www.mozilla.org/security/announce/2014/mfsa2015-09.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/72041
- http://www.securitytracker.com/id/1031533
Связанные уязвимости
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaM ...