Description
The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.
Exploits
No known exploits found for this CVE.
Search Exploit-DBReferences
security@mozilla.org
http://www.mozilla.org/security/announce/2014/mfsa2014-91.htmlsecurity@mozilla.org
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlsecurity@mozilla.org
https://bugzilla.mozilla.org/show_bug.cgi?id=1050340security@mozilla.org
https://security.gentoo.org/glsa/201504-01af854a3a-2127-422b-91ae-364da2661108
http://www.mozilla.org/security/announce/2014/mfsa2014-91.htmlaf854a3a-2127-422b-91ae-364da2661108
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlaf854a3a-2127-422b-91ae-364da2661108
https://bugzilla.mozilla.org/show_bug.cgi?id=1050340af854a3a-2127-422b-91ae-364da2661108
https://security.gentoo.org/glsa/201504-01