Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mozillaMozilla FoundationMFSA2015-09
HistoryJan 13, 2015 - 12:00 a.m.

XrayWrapper bypass through DOM objects — Mozilla

2015-01-1300:00:00
Mozilla Foundation
www.mozilla.org
21

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.937 High

EPSS

Percentile

99.1%

JSON

Mozilla developer Bobby Holley reported that Document Object Model (DOM) objects with some specific properties can bypass XrayWrappers. This can allow web content to confuse privileged code, potentially enabling privilege escalation.

CPENameOperatorVersion
firefoxlt35
seamonkeylt2.32

Related

openvas 18
checkpoint_advisories 2
packetstorm 1
ubuntucve 1
zdt 1
kaspersky 1
cve 1
prion 1
metasploit 1
exploitdb 1
suse 6
nessus 17
archlinux 1
ubuntu 3
mageia 1
securityvulns 1
freebsd 1
googleprojectzero 1
gentoo 1
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2015-09) - Linux
2021-11-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0180-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0171-1)
2021-06-09 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox XrayWrapper Policy Bypass (CVE-2014-8636)
2015-04-19 00:00:00
Mozilla Firefox Proxy Prototype Remote Code Execution (CVE-2014-8636)
2015-03-26 00:00:00
packetstorm
packetstorm
Firefox Proxy Prototype Privileged Javascript Injection
2015-03-24 00:00:00
ubuntucve
ubuntucve
CVE-2014-8636
2015-01-14 00:00:00
zdt
zdt
Firefox Proxy Prototype Privileged Javascript Injection Exploit
2015-03-27 00:00:00
kaspersky
kaspersky
KLA10445 ACE vulnerability in Mozilla
2015-01-13 00:00:00
cve
cve
CVE-2014-8636
2015-01-14 11:59:00
prion
prion
Design/Logic Flaw
2015-01-14 11:59:00
metasploit
metasploit
Firefox Proxy Prototype Privileged Javascript Injection
2015-03-23 18:44:41
exploitdb
exploitdb
Mozilla Firefox - Proxy Prototype Privileged JavaScript Injection (Metasploit)
2015-03-24 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2015-01-29 07:04:56
Security update for Mozilla Firefox (important)
2015-01-31 01:09:23
Security update for Mozilla Firefox (important)
2015-01-29 07:06:36
nessus
nessus
SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2015:0171-1)
2015-05-20 00:00:00
SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 10225)
2015-02-02 00:00:00
SUSE SLES11 Security Update : Mozilla Firefox (SUSE-SU-2015:0173-1)
2015-05-20 00:00:00
archlinux
archlinux
firefox: multiple issues
2015-01-14 00:00:00
ubuntu
ubuntu
Firefox regression
2015-01-27 00:00:00
Ubufox update
2015-01-14 00:00:00
Firefox vulnerabilities
2015-01-14 00:00:00
mageia
mageia
Updated iceape package fixes security vulnerabilities
2015-01-19 19:47:36
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-01-19 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-01-13 00:00:00
googleprojectzero
googleprojectzero
Attacking ECMAScript Engines with Redefinition
2015-08-17 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.937 High

EPSS

Percentile

99.1%

JSON
Related for MFSA2015-09
openvas18checkpoint_advisories2packetstorm1ubuntucve1zdt1kaspersky1cve1prion1metasploit1exploitdb1suse6nessus17archlinux1ubuntu3mageia1securityvulns1freebsd1googleprojectzero1gentoo1