This repository has been archived by the owner on Feb 2, 2021. It is now read-only.
Kevin Reid edited this page Apr 16, 2015 · 1 revision
(legacy summary: Security Advisory 2013/04/10)
Caja Security Advisory 2013/04/10
Caja prior to version r5341 is vulnerable to takeover of the host page by guest code if run in ES5 mode. If you depend on Caja for security, either upgrade to version r5341 or later, or backport the security patch.
Details
Security in ES5 mode depends on none of the host page's objects being accessible to guest code, because each of them conveys access to the host's Object.prototype, which may be mutated. Caja neglected to prevent exceptions thrown by the browser's DOM API from reaching guest code, and those exception objects are host objects.
This only affects ES5 mode. It doesn't affect ES5/3 mode.
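The invariant described under Details can be checked mechanically. The following is an added example, not Caja's code or its security patch: it assumes two Node.js `vm` contexts as stand-ins for the host and guest realms, and `reachesHostObjectPrototype`, `hostDomCall`, `tameThrows` and `caught` are hypothetical names. It shows a host exception failing the check and a rethrown guest-realm copy passing it.

```javascript
const vm = require('node:vm');

// Assumption: a second vm context stands in for the guest's realm, which has
// its own Error and Object.prototype, distinct from the host's.
const guestRealm = vm.createContext({});
const GuestError = vm.runInContext('Error', guestRealm);

// True if value's prototype chain reaches the host realm's Object.prototype.
function reachesHostObjectPrototype(value) {
  const t = typeof value;
  if (value === null || (t !== 'object' && t !== 'function')) return false;
  for (let p = value; p !== null; p = Object.getPrototypeOf(p)) {
    if (p === Object.prototype) return true;
  }
  return false;
}

// Constructed stand-in for a DOM method that throws a host-realm exception.
function hostDomCall() {
  throw new TypeError('constructed host failure');
}

// Hypothetical taming wrapper: catch whatever the host throws and rethrow a
// guest-realm Error carrying only a primitive string copied from it.
// Only the exception path is covered; return values need the same care.
function tameThrows(hostFn) {
  return function (...args) {
    try {
      return hostFn(...args);
    } catch (e) {
      let message = 'host error';
      try { message = String(e && e.message); } catch (_) { /* keep default */ }
      throw new GuestError(message);
    }
  };
}

// Returns whatever fn throws, as guest code in a catch block would see it.
function caught(fn) {
  try { fn(); } catch (e) { return e; }
  return undefined;
}

console.log(reachesHostObjectPrototype(caught(hostDomCall)));
console.log(reachesHostObjectPrototype(caught(tameThrows(hostDomCall))));
```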