Endpoint Vulnerability

Web content bypass of COW and SOW security wrappers


Mozilla developer Bobby Holley discovered that it was possible to bypass some protections in Chrome Object Wrappers (COW) and System Only Wrappers (SOW), making their prototypes mutable by web content. This could be used leak information from chrome objects and possibly allow for arbitrary code execution.

Affected Products

Firefox ESR