Mozilla developer Bobby Holley reported that Document Object Model (DOM) objects with some specific properties can bypass XrayWrappers. This can allow web content to access privileged code by compromising their XrayWrappers. External Reference: http://www.mozilla.org/security/announce/2015/mfsa2015-09.html Acknowledgements: Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bobby Holley as the original reporter. Statement: This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.