Mozilla developer Jeff Walden reported that in Gecko's implementation of ECMAScript 5 API's enforces non-configurable properties with logic specific to each API. Scripts that do not go through these APIs can bypass these protections and make changes to the immutable properties in violation of security protections. This could potentially allow for web content to run in a privileged context leading to arbitrary code execution. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2015-109/
Acknowledgements: Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jeff Walden as the original reporter.
This issue was fixed in Firefox version 41.