Mozilla Foundation Security Advisory 2015-27

Caja Compiler JavaScript sandbox bypass

Announced
February 24, 2015
Reporter
Jan de Mooij
Impact
Moderate
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 36
  • SeaMonkey 2.33

Description

Mozilla developer Jan de Mooij reported an issue that affects web content that relies on the Caja Compiler for protection, or other similar sandboxing libraries. He found that some JavaScript objects marked as non-extensible within Caja and Secure EcmaScript could be made extensible again, bypassing the Caja sandboxing security measures, when the JavaScript code should not be allowed to run.

Firefox users are not directly impacted by this issue. This issue affects code running in Caja within loaded web content that should run within its protections.

References