CVE-2014-8632

CWE-284 — Improper Access Control CWE-2855 documents5 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 56.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedDec 11

Latest updateMay 17

Description

The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDmozilla/firefox33.0

▶NVDmozilla/seamonkey2.30

🔴Vulnerability Details

GHSA

GHSA-6h2f-xfhj-5wr4: The structured-clone implementation in Mozilla Firefox before 34↗2022-05-17

▶

CVEList

CVE-2014-8632: The structured-clone implementation in Mozilla Firefox before 34↗2014-12-11

▶

📋Vendor Advisories

Red Hat

Mozilla: Privileged access to security wrapped protected objects (MFSA 2014-91)↗2014-12-03

▶

💬Community

Bugzilla

CVE-2014-8631 CVE-2014-8632 Mozilla: Privileged access to security wrapped protected objects (MFSA 2014-91)↗2014-12-01

▶