Unrated severityNVD Advisory· Published Dec 11, 2014· Updated May 6, 2026

CVE-2014-8632

Description

The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.

Affected products

Mozilla Corporation/Firefox
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Range: <=33.0
Mozilla Corporation/Seamonkey
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Range: <=2.30

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.mozilla.org/security/announce/2014/mfsa2014-91.htmlnvdVendor Advisory
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlnvd
bugzilla.mozilla.org/show_bug.cginvd
security.gentoo.org/glsa/201504-01nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000