Mozilla Foundation Security Advisory 2015-09
XrayWrapper bypass through DOM objects
- January 13, 2015
- Bobby Holley, Joe Vennix
- Firefox, SeaMonkey
- Fixed in
- Firefox 35
- SeaMonkey 2.32
Mozilla developer Bobby Holley reported that Document Object Model (DOM) objects with some specific properties can bypass XrayWrappers. This can allow web content to confuse privileged code, potentially enabling privilege escalation.
Update for February 12, 2015: Security researcher Joe Vennix of Rapid7 also reported another issue caused by this same problem. He discovered that setting a prototype to a proxy object could allow web content to open privileged window with the
chrome property, allowing for escalation of privilege.