Mozilla Foundation Security Advisory 2015-82

Redefinition of non-configurable JavaScript object properties

Announced
August 11, 2015
Reporter
André Bargull
Impact
High
Products
Firefox, Firefox ESR, SeaMonkey
Fixed in
  • Firefox 40
  • Firefox ESR 38.2
  • SeaMonkey 2.35

Description

Security researcher André Bargull reported non-configurable properties on JavaScript objects can be redefined while parsing JSON in violation of the ECMAScript 6 standard. This allows malicious web content to bypass same-origin policy by editing these properties to arbitrary values.

References