Your system may not meet the requirements for Firefox, but you can try one of these versions:

Your system doesn't meet the requirements to run Firefox.

Your system doesn't meet the requirements to run Firefox.

Please follow these instructions to install Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2015-09

XrayWrapper bypass through DOM objects

January 13, 2015
Bobby Holley, Joe Vennix
Firefox, SeaMonkey
Fixed in
  • Firefox 35
  • SeaMonkey 2.32


Mozilla developer Bobby Holley reported that Document Object Model (DOM) objects with some specific properties can bypass XrayWrappers. This can allow web content to confuse privileged code, potentially enabling privilege escalation.

Update for February 12, 2015: Security researcher Joe Vennix of Rapid7 also reported another issue caused by this same problem. He discovered that setting a prototype to a proxy object could allow web content to open privileged window with the chrome property, allowing for escalation of privilege.