Lucene search
Mozilla FoundationMFSA2015-09HistoryJan 13, 2015 - 12:00 a.m.
XrayWrapper bypass through DOM objects — Mozilla
2015-01-1300:00:00
Mozilla Foundation
www.mozilla.org
33
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.937
Percentile
99.1%
Mozilla developer Bobby Holley reported that Document Object Model (DOM) objects with some specific properties can bypass XrayWrappers. This can allow web content to confuse privileged code, potentially enabling privilege escalation.
Affected configurations
Node
mozillafirefoxRange<35
ORmozillaseamonkeyRange<2.32
Related
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2015-09) - Linux
2021-11-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0180-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0171-1)
2021-06-09 00:00:00
nvd
nvd
CVE-2014-8636
2015-01-14 11:59:05
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox XrayWrapper Policy Bypass (CVE-2014-8636)
2015-04-19 00:00:00
Mozilla Firefox Proxy Prototype Remote Code Execution (CVE-2014-8636)
2015-03-26 00:00:00
exploitdb
exploitdb
packetstorm
packetstorm
Firefox Proxy Prototype Privileged Javascript Injection
2015-03-24 00:00:00
ubuntucve
ubuntucve
CVE-2014-8636
2015-01-14 00:00:00
prion
prion
Design/Logic Flaw
2015-01-14 11:59:00
cvelist
cvelist
CVE-2014-8636
2015-01-14 11:00:00
kaspersky
kaspersky
KLA10445 ACE vulnerability in Mozilla
2015-01-13 00:00:00
zdt
zdt
Firefox Proxy Prototype Privileged Javascript Injection Exploit
2015-03-27 00:00:00
cve
cve
CVE-2014-8636
2015-01-14 11:59:05
metasploit
metasploit
Firefox Proxy Prototype Privileged Javascript Injection
2015-03-23 18:44:41
nessus
nessus
SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2015:0171-1)
2015-05-20 00:00:00
SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 10225)
2015-02-02 00:00:00
SUSE SLES11 Security Update : Mozilla Firefox (SUSE-SU-2015:0173-1)
2015-05-20 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2015-01-29 07:04:56
Security update for Mozilla Firefox (important)
2015-01-31 01:09:23
Security update for Mozilla Firefox (important)
2015-01-29 07:06:36
archlinux
archlinux
firefox: multiple issues
2015-01-14 00:00:00
ubuntu
ubuntu
Firefox regression
2015-01-27 00:00:00
Ubufox update
2015-01-14 00:00:00
Firefox vulnerabilities
2015-01-14 00:00:00
mageia
mageia
Updated iceape package fixes security vulnerabilities
2015-01-19 19:47:36
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-01-19 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-01-13 00:00:00
googleprojectzero
googleprojectzero
Attacking ECMAScript Engines with Redefinition
2015-08-17 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.937
Percentile
99.1%
Related for MFSA2015-09