A vulnerability where the security wrapper does not deny access to some
exposed properties using the deprecated “exposedProps” mechanism on proxy
objects. These properties should be explicitly unavailable to proxy
objects. This vulnerability affects Firefox < 57.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
chrisccoulson | This is not fixed in mozjs52, but it’s unclear whether it is unaffected or just ignored as https://bugzilla.mozilla.org/show_bug.cgi?id=1392026 is still private and I can’t find a changeset referencing it) |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 17.10 | noarch | firefox | < 57.0+build4-0ubuntu0.17.10.5 | UNKNOWN |
ubuntu | 18.04 | noarch | firefox | < 57.0.1+build2-0ubuntu1 | UNKNOWN |
ubuntu | 18.10 | noarch | firefox | < 57.0.1+build2-0ubuntu1 | UNKNOWN |
ubuntu | 19.04 | noarch | firefox | < 57.0.1+build2-0ubuntu1 | UNKNOWN |
ubuntu | 19.10 | noarch | firefox | < 57.0.1+build2-0ubuntu1 | UNKNOWN |
ubuntu | 20.04 | noarch | firefox | < 57.0.1+build2-0ubuntu1 | UNKNOWN |
ubuntu | 20.10 | noarch | firefox | < 57.0.1+build2-0ubuntu1 | UNKNOWN |
ubuntu | 21.04 | noarch | firefox | < 57.0.1+build2-0ubuntu1 | UNKNOWN |
ubuntu | 21.10 | noarch | firefox | < 57.0.1+build2-0ubuntu1 | UNKNOWN |
ubuntu | 22.04 | noarch | firefox | < 57.0.1+build2-0ubuntu1 | UNKNOWN |