Vulnerability Details : CVE-2014-8636
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.
At least one public exploit which can be used to exploit this vulnerability exists!
Exploit prediction scoring system (EPSS) score for CVE-2014-8636
Probability of exploitation activity in the next 30 days: 94.15%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 %
Metasploit modules for CVE-2014-8636
-
Firefox Proxy Prototype Privileged Javascript Injection
Disclosure Date: 2014-01-20
First seen: 2020-04-26
exploit/multi/browser/firefox_proxy_prototype
This exploit gains remote code execution on Firefox 31-34 by abusing a bug in the XPConnect component and gaining a reference to the privileged chrome:// window. This exploit requires the user to click anywhere on the page to trigger the vulnerability.
Authors: - jo
CVSS scores for CVE-2014-8636
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | nvd@nist.gov |
CWE ids for CVE-2014-8636
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8636
-
http://www.mozilla.org/security/announce/2014/mfsa2015-09.html
XrayWrapper bypass through DOM objects — Mozilla (Vendor Advisory)
-
https://bugzilla.mozilla.org/show_bug.cgi?id=987794
987794 - (CVE-2014-8636) named getters can fool Xrays
-
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html
[security-announce] SUSE-SU-2015:0171-1: important: Security update for
-
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Oracle Solaris Bulletin - April 2016
-
http://www.securitytracker.com/id/1031533
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Request Forgery Attacks, and Obtain Potentially Sensitive Information - SecurityTracker
-
http://www.securityfocus.com/bid/72041
Mozilla Firefox/SeaMonkey XrayWrapper Privilege Escalation Vulnerability
-
https://security.gentoo.org/glsa/201504-01
Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo security
-
http://packetstormsecurity.com/files/130972/Firefox-Proxy-Prototype-Privileged-Javascript-Injection.html
Firefox Proxy Prototype Privileged Javascript Injection ≈ Packet Storm
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/99964
Mozilla Firefox and SeaMonkey XrayWrappers security bypass CVE-2014-8636 Vulnerability Report
-
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html
[security-announce] SUSE-SU-2015:0173-1: important: Security update for
-
https://community.rapid7.com/community/metasploit/blog/2015/03/23/r7-2015-04-disclosure-mozilla-firefox-proxy-prototype-rce-cve-2014-8636
R7-2015-04 Disclosure: Mozilla Firefox Proxy Prototype RCE (CVE-2014-8636)
-
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html
[security-announce] openSUSE-SU-2015:0192-1: important: Security update
-
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html
[security-announce] openSUSE-SU-2015:0077-1: important: Security update
-
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html
[security-announce] SUSE-SU-2015:0180-1: important: Security update for
-
http://secunia.com/advisories/62418
Products affected by CVE-2014-8636
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*