Endpoint Vulnerability

JavaScript immutable property enforcement can be bypassed

Description

Mozilla developer Jeff Walden reported that in Gecko's implementation of ECMAScript 5 API's enforces non-configurable properties with logic specific to each API. Scripts that do not go through these APIs can bypass these protections and make changes to the immutable properties in violation of security protections. This could potentially allow for web content to run in a privileged context leading to arbitrary code execution.

Affected Products

SeaMonkey

References

CVE-2015-4516,