Endpoint Vulnerability

Redefinition of non-configurable JavaScript object properties

Description

Security researcher André Bargull reported that non-configurable properties on JavaScript objects can be redefined while parsing JSON, in violation of the ECMAScript 6 standard. This allows malicious web content to bypass same-origin policy by editing these properties to arbitrary values.
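A regression check for the invariant described above, added here as an example and not taken from the advisory or from Mozilla's code. It assumes the `JSON.parse` reviver callback is where script runs during parsing (per the ECMAScript specification; the advisory only says "while parsing JSON"). The function names are hypothetical.

```javascript
'use strict';

// Parse `text` with a reviver that marks `lockedKey` non-configurable on its
// holder while visiting `triggerKey`, then asks the parser to replace that
// property (or delete it, when `replacement` is undefined) via its return value.
// Assumption: the reviver is the hook under test; the advisory does not name it.
function parseWithLock(text, triggerKey, lockedKey, replacement) {
  return JSON.parse(text, function (key, value) {
    if (key === triggerKey) {
      // `this` is the holder object currently being revived.
      Object.defineProperty(this, lockedKey, { configurable: false });
    }
    return key === lockedKey ? replacement : value;
  });
}

// A conforming engine stores revived values with CreateDataProperty, which
// fails quietly on a non-configurable property, so the original value stays.
function checkJsonParseInvariants() {
  const objText = '{"a": 1, "b": 2}'; // constructed sample input
  const arrText = '[1, 2]';           // constructed sample input

  const replaced = parseWithLock(objText, 'a', 'b', 22);
  const deleted = parseWithLock(objText, 'a', 'b', undefined);
  const array = parseWithLock(arrText, '0', '1', 22);
  const desc = Object.getOwnPropertyDescriptor(replaced, 'b');

  return {
    redefineIgnored: replaced.b === 2,
    deleteIgnored: Object.prototype.hasOwnProperty.call(deleted, 'b') && deleted.b === 2,
    arrayElementKept: array[1] === 2,
    stillNonConfigurable: desc.configurable === false,
  };
}

// Report whether every invariant holds on the engine running this script.
function engineIsConforming() {
  return Object.values(checkJsonParseInvariants()).every(Boolean);
}

console.log(checkJsonParseInvariants());
```

Any `false` field in the result means the engine let JSON parsing overwrite or remove a property that had been marked non-configurable.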

Affected Products

Firefox, Firefox ESR

References

CVE-2015-4478