CVE-2014-8632

CVE Database · CVE-2014-8632

CVE-2014-8632

· N/AModified

CVSS v3.1

N/A

EPSS

1.02%

Published

Dec 11, 2014

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.

Weaknesses (CWE)

CWE-284

Affected Products (2)

mozilla · firefoxvulnerable

mozilla · seamonkeyvulnerable

References (8)

http://www.mozilla.org/security/announce/2014/mfsa2014-91.html

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1050340

https://security.gentoo.org/glsa/201504-01

http://www.mozilla.org/security/announce/2014/mfsa2014-91.html

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1050340

https://security.gentoo.org/glsa/201504-01

KEV Catalog EPSS Scores Vendors All CVEs