Endpoint Vulnerability

Bypass of SOW protections allows cloning of protected nodes

Description

Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers (SOW) and clone a protected node. This allows violation of the browser's same origin policy and could also lead to privilege escalation and the execution of arbitrary code.

Affected Products

Firefox ESR

References

CVE-2013-0795,