Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.
Mozilla
Authentication Bypass
Opensuse
Firefox
Ubuntu Linux
NVD
CVSS 2.0
2.6
EPSS
0.3%