Title: Google Caja Escaped Letter Sequence Handling Arbitrary Code Execution
Aug 21, 2013
Nov 21, 2013
Google Caja contains a flaw that is triggered when handling escaped letters such as 'de\u006Cete' as an identifier or a reserved word. This may allow a remote attacker to execute arbitrary code through unspecified means.
Remote / Network Access
Loss of Integrity
It has been reported that this issue has been fixed. Upgrade to version r5632, or higher, to address this vulnerability.