Bugzilla – Bug 913102
VUL-0: CVE-2014-8636: MozillaFirefox: The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkeybefore 2.32 does not pro...
Last modified: 2015-02-02 14:19:13 UTC
CVE-2014-8636 The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8636 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8636 http://www.mozilla.org/security/announce/2014/mfsa2015-09.html https://bugzilla.mozilla.org/show_bug.cgi?id=987794
bugbot adjusting priority
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2015-01-22. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/60231
SUSE-SU-2015:0180-1: An update that solves 8 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 910647,910669,913064,913066,913067,913068,913102,913103,913104 CVE References: CVE-2014-1569,CVE-2014-8634,CVE-2014-8636,CVE-2014-8637,CVE-2014-8638,CVE-2014-8639,CVE-2014-8640,CVE-2014-8641 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11 SUSE Linux Enterprise Server 11 SP3 for VMware (src): MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11 SUSE Linux Enterprise Server 11 SP3 (src): MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11 SUSE Linux Enterprise Desktop 11 SP3 (src): MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11
released