{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3038?format=json","vulnerability_id":"VCID-3z7f-gy4g-m7fy","summary":"Mozilla developer Bobby Holley reported that Document Object\nModel (DOM) objects with some specific properties can bypass XrayWrappers. This\ncan allow web content to confuse privileged code, potentially enabling privilege\nescalation.\nUpdate for February 12, 2015: Security researcher Joe Vennix of Rapid7 also reported another issue caused by this same problem. He discovered that setting a prototype to a proxy object could allow web content to open privileged window with the chrome property, allowing for escalation of privilege.","aliases":[{"alias":"CVE-2014-8636"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1243?format=json","purl":"pkg:mozilla/Firefox@35.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@35.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1244?format=json","purl":"pkg:mozilla/SeaMonkey@2.32.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.32.0"}],"affected_packages":[],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8636","reference_id":"CVE-2014-8636","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8636"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-09","reference_id":"mfsa2015-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-09"}],"weaknesses":[],"exploits":[],"severity_range_score":"9.0 - 10.0","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3z7f-gy4g-m7fy"}