CVE-2015-0820

Published: 25 February 2015

Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site.

Priority

Medium

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (36)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [36.0+build2-0ubuntu0.14.04.4])