Описание
The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 34.0 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [34.0]] |
| lucid | ignored | end of life |
| precise | released | 34.0 |
| trusty | released | 34.0 |
| trusty/esm | DNE | trusty was released [34.0] |
| upstream | needs-triage | |
| utopic | released | 34.0 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| lucid | ignored | end of life |
| precise | not-affected | |
| trusty | not-affected | |
| trusty/esm | DNE | trusty was not-affected |
| upstream | needs-triage | |
| utopic | not-affected |
Показывать по
4.3 Medium
CVSS2
Связанные уязвимости
The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.
The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.
The structured-clone implementation in Mozilla Firefox before 34.0 and ...
The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.
4.3 Medium
CVSS2