Lucene search

K
mozillaMozilla FoundationMFSA2015-09
HistoryJan 13, 2015 - 12:00 a.m.

XrayWrapper bypass through DOM objects — Mozilla

2015-01-1300:00:00
Mozilla Foundation
www.mozilla.org
21

0.937 High

EPSS

Percentile

99.1%

Mozilla developer Bobby Holley reported that Document Object Model (DOM) objects with some specific properties can bypass XrayWrappers. This can allow web content to confuse privileged code, potentially enabling privilege escalation.

CPENameOperatorVersion
firefoxlt35
seamonkeylt2.32