Unrated severityNVD Advisory· Published Jan 14, 2015· Updated May 6, 2026
CVE-2014-8636
CVE-2014-8636
Description
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
19- www.mozilla.org/security/announce/2014/mfsa2015-09.htmlnvdVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.htmlnvd
- packetstormsecurity.com/files/130972/Firefox-Proxy-Prototype-Privileged-Javascript-Injection.htmlnvd
- secunia.com/advisories/62242nvd
- secunia.com/advisories/62250nvd
- secunia.com/advisories/62418nvd
- secunia.com/advisories/62446nvd
- secunia.com/advisories/62790nvd
- www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlnvd
- www.securityfocus.com/bid/72041nvd
- www.securitytracker.com/id/1031533nvd
- bugzilla.mozilla.org/show_bug.cginvd
- community.rapid7.com/community/metasploit/blog/2015/03/23/r7-2015-04-disclosure-mozilla-firefox-proxy-prototype-rce-cve-2014-8636nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/99964nvd
- security.gentoo.org/glsa/201504-01nvd
News mentions
0No linked articles in our index yet.