Mozilla Firefox before 41.0 allows remote attackers to bypass certain ECMAScript 5 (aka ES5) API protection mechanisms and modify immutable properties, and consequently execute arbitrary JavaScript. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
Mozilla
Google
RCE
Firefox
Chrome
NVD
CVSS 2.0
9.3
EPSS
1.4%