The structured-clone implementation in Mozilla Firefox prior to 34.0 and SeaMonkey prior to 2.31 does not properly interact with XrayWrapper property filtering, which allows remote malicious users to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
mozilla seamonkey |