Endpoint Vulnerability

Debugger can bypass XrayWrappers with JavaScript

Description

Mozilla developer Boris Zbarsky discovered that the debugger will work with some objects while bypassing XrayWrappers. This could lead to privilege escalation if the victim used the debugger to interact with a malicious page.

Affected Products

Firefox

References

CVE-2014-1526,