Back to search
CVE-2014-8636
Published: Jan 14, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
62242
third-party-advisory
x_refsource_SECUNIA
72041
vdb-entry
x_refsource_BID
1031533
vdb-entry
x_refsource_SECTRACK
openSUSE-SU-2015:0192
vendor-advisory
x_refsource_SUSE
https://bugzilla.mozilla.org/show_bug.cgi?id=987794
x_refsource_CONFIRM
firefox-cve20148636-sec-bypass(99964)
vdb-entry
x_refsource_XF
62250
third-party-advisory
x_refsource_SECUNIA
SUSE-SU-2015:0173
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2015:0077
vendor-advisory
x_refsource_SUSE
62418
third-party-advisory
x_refsource_SECUNIA
SUSE-SU-2015:0171
vendor-advisory
x_refsource_SUSE
GLSA-201504-01
vendor-advisory
x_refsource_GENTOO
62790
third-party-advisory
x_refsource_SECUNIA
http://www.mozilla.org/security/announce/2014/mfsa2015-09.html
x_refsource_CONFIRM
62446
third-party-advisory
x_refsource_SECUNIA
SUSE-SU-2015:0180
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now