Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8636

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2014-8636
Last Modified 31 Mar 2015 09:59:48
Published 14 Jan 2015 06:59:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-8636

Summary

The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.

Vulnerable Systems

Application

  • Mozilla Firefox 34.0.5

  • Mozilla Seamonkey 2.31


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=987794

CONFIRM - http://www.mozilla.org/security/announce/2014/mfsa2015-09.html

SECTRACK - 1031533

SECUNIA - 62250

SECUNIA - 62242

SECUNIA - 62790

SECUNIA - 62446

SUSE - openSUSE-SU-2015:0192

SUSE - openSUSE-SU-2015:0077

SUSE - SUSE-SU-2015:0180

SUSE - SUSE-SU-2015:0173

SUSE - SUSE-SU-2015:0171

MISC - https://community.rapid7.com/community/metasploit/blog/2015/03/23/r7-2015-04-disclosure-mozilla-firefox-proxy-prototype-rce-cve-2014-8636

MISC - http://packetstormsecurity.com/files/130972/Firefox-Proxy-Prototype-Privileged-Javascript-Injection.html

Related Patches

Mozilla Firefox 35.0 for Mac OS X (See Notes)


Last Updated: 27 May 2016 11:08:15