CVE 2015-7204
Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments.
See the
CVE page on Mitre.org
for more details.