CVE-2015-4478 (retired)

Priority
Description
Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose
certain ECMAScript 6 requirements on JavaScript object properties, which
allows remote attackers to bypass the Same Origin Policy via the reviver
parameter to the JSON.parse method.
Assigned-to
chrisccoulson
Package
Upstream:released (40.0)
Ubuntu 14.04 LTS (Trusty Tahr):released (40.0+build4-0ubuntu0.14.04.1)
More Information

Updated: 2019-03-26 12:15:36 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)