CVE-2014-8631

CWE-284 — Improper Access Control CWE-2855 documents5 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 55.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedDec 11

Latest updateMay 17

Description

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDmozilla/firefox33.0

▶NVDmozilla/seamonkey2.30

🔴Vulnerability Details

GHSA

GHSA-j7q9-rg4m-hmcp: The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34↗2022-05-17

▶

CVEList

CVE-2014-8631: The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34↗2014-12-11

▶

📋Vendor Advisories

Red Hat

Mozilla: Privileged access to security wrapped protected objects (MFSA 2014-91)↗2014-12-03

▶

💬Community

Bugzilla

CVE-2014-8631 CVE-2014-8632 Mozilla: Privileged access to security wrapped protected objects (MFSA 2014-91)↗2014-12-01

▶