Endpoint Vulnerability

Clone protected content with XBL scopes

Description

Security researcher Cody Crews reported a method to bypass System Only Wrappers (SOW) by using XML Binding Language (XBL) content scopes to clone protected XUL elements. This could be used to clone anonymous nodes, making trusted XUL content web accessible.

Affected Products

Firefox,Firefox ESR

References

CVE-2014-1479,