Endpoint Vulnerability

Bypass of SOW protections allows cloning of protected nodes


Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers (SOW) and clone a protected node. This allows violation of the browser's same origin policy and could also lead to privilege escalation and the execution of arbitrary code.

Affected Products

Firefox ESR