Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2014-AVI-053
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Mozilla. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
Vendor | Product | Description | ||
---|---|---|---|---|
Mozilla | Firefox | Versions antérieures à Firefox 27 | ||
Mozilla | N/A | versions antérieures à Seamonkey 2.24 | ||
Mozilla | Thunderbird | versions antérieures à Thunderbird 24.3 | ||
Mozilla | Firefox ESR | versions antérieures à Firefox ESR 24.3 |
References
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Versions ant\u00e9rieures \u00e0 Firefox 27", "product": { "name": "Firefox", "vendor": { "name": "Mozilla", "scada": false } } }, { "description": "versions ant\u00e9rieures \u00e0 Seamonkey 2.24", "product": { "name": "N/A", "vendor": { "name": "Mozilla", "scada": false } } }, { "description": "versions ant\u00e9rieures \u00e0 Thunderbird 24.3", "product": { "name": "Thunderbird", "vendor": { "name": "Mozilla", "scada": false } } }, { "description": "versions ant\u00e9rieures \u00e0 Firefox ESR 24.3", "product": { "name": "Firefox ESR", "vendor": { "name": "Mozilla", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2014-1480", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1480" }, { "name": "CVE-2014-1482", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1482" }, { "name": "CVE-2014-1487", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1487" }, { "name": "CVE-2014-1481", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1481" }, { "name": "CVE-2014-1477", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1477" }, { "name": "CVE-2014-1478", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1478" }, { "name": "CVE-2014-1489", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1489" }, { "name": "CVE-2014-1491", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1491" }, { "name": "CVE-2014-1479", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1479" }, { "name": "CVE-2014-1490", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1490" }, { "name": "CVE-2014-1484", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1484" }, { "name": "CVE-2014-1486", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1486" }, { "name": "CVE-2014-1485", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1485" }, { "name": "CVE-2014-1483", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1483" }, { "name": "CVE-2014-1488", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1488" } ], "initial_release_date": "2014-02-05T00:00:00", "last_revision_date": "2014-02-05T00:00:00", "links": [], "reference": "CERTFR-2014-AVI-053", "revisions": [ { "description": "version initiale.", "revision_date": "2014-02-05T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eMozilla\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-05 du 04 f\u00e9vrier 2014", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-05.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-03 du 04 f\u00e9vrier 2014", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-03.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-07 du 04 f\u00e9vrier 2014", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-07.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-11 du 04 f\u00e9vrier 2014", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-11.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-08 du 04 f\u00e9vrier 2014", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-08.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-06 du 04 f\u00e9vrier 2014", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-06.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-12 du 04 f\u00e9vrier 2014", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-09 du 04 f\u00e9vrier 2014", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-09.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-02 du 04 f\u00e9vrier 2014", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-02.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-10 du 04 f\u00e9vrier 2014", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-10.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-04 du 04 f\u00e9vrier 2014", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-04.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-01 du 04 f\u00e9vrier 2014", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-01.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-13 du 04 f\u00e9vrier 2014", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-13.html" } ] }
CVE-2014-1487 (GCVE-0-2014-1487)
Vulnerability from cvelistv5
Published
2014-02-06 02:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:35.982Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2119-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" }, { "name": "1029721", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029721" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=947592" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029717" }, { "name": "65330", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65330" }, { "name": "mozilla-cve20141487-info-disc(90889)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90889" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "RHSA-2014:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html" }, { "name": "56922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56922" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029720" }, { "name": "56858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56858" }, { "name": "DSA-2858", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "56763", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56763" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "102873", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102873" }, { "name": "RHSA-2014:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "56761", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56761" }, { "name": "FEDORA-2014-2041", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "openSUSE-SU-2014:0213", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56767" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56706" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-09.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-02T19:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "USN-2119-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" }, { "name": "1029721", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029721" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=947592" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029717" }, { "name": "65330", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65330" }, { "name": "mozilla-cve20141487-info-disc(90889)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90889" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "RHSA-2014:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html" }, { "name": "56922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56922" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029720" }, { "name": "56858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56858" }, { "name": "DSA-2858", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "56763", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56763" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "102873", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102873" }, { "name": "RHSA-2014:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "56761", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56761" }, { "name": "FEDORA-2014-2041", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "openSUSE-SU-2014:0213", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56767" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56706" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-09.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2014-1487", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-2119-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "name": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc", "refsource": "CONFIRM", "url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" }, { "name": "1029721", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029721" }, { "name": "openSUSE-SU-2014:0212", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=947592", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=947592" }, { "name": "1029717", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029717" }, { "name": "65330", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65330" }, { "name": "mozilla-cve20141487-info-disc(90889)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90889" }, { "name": "https://8pecxstudios.com/?page_id=44080", "refsource": "CONFIRM", "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "RHSA-2014:0132", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html" }, { "name": "56922", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56922" }, { "name": "56787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029720" }, { "name": "56858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56858" }, { "name": "DSA-2858", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "56763", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56763" }, { "name": "USN-2102-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "102873", "refsource": "OSVDB", "url": "http://osvdb.org/102873" }, { "name": "RHSA-2014:0133", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html" }, { "name": "GLSA-201504-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-01" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k", "refsource": "CONFIRM", "url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" }, { "name": "56888", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "56761", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56761" }, { "name": "FEDORA-2014-2041", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "SUSE-SU-2014:0248", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "openSUSE-SU-2014:0213", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56767" }, { "name": "56706", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56706" }, { "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-09.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-09.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2014-1487", "datePublished": "2014-02-06T02:00:00", "dateReserved": "2014-01-16T00:00:00", "dateUpdated": "2024-08-06T09:42:35.982Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-1482 (GCVE-0-2014-1482)
Vulnerability from cvelistv5
Published
2014-02-06 02:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:35.543Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2119-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" }, { "name": "1029721", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029721" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=943803" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "RHSA-2014:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html" }, { "name": "56922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56922" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029720" }, { "name": "56858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56858" }, { "name": "DSA-2858", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "56763", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56763" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "RHSA-2014:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "102868", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102868" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-04.html" }, { "name": "56761", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56761" }, { "name": "firefox-cve20141482-code-exec(90894)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90894" }, { "name": "FEDORA-2014-2041", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "openSUSE-SU-2014:0213", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56767" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56706" }, { "name": "65328", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65328" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-02T19:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "USN-2119-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" }, { "name": "1029721", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029721" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=943803" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "RHSA-2014:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html" }, { "name": "56922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56922" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029720" }, { "name": "56858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56858" }, { "name": "DSA-2858", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "56763", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56763" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "RHSA-2014:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "102868", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102868" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-04.html" }, { "name": "56761", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56761" }, { "name": "firefox-cve20141482-code-exec(90894)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90894" }, { "name": "FEDORA-2014-2041", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "openSUSE-SU-2014:0213", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56767" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56706" }, { "name": "65328", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65328" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2014-1482", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-2119-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "name": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc", "refsource": "CONFIRM", "url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" }, { "name": "1029721", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029721" }, { "name": "openSUSE-SU-2014:0212", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=943803", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=943803" }, { "name": "1029717", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029717" }, { "name": "https://8pecxstudios.com/?page_id=44080", "refsource": "CONFIRM", "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "RHSA-2014:0132", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html" }, { "name": "56922", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56922" }, { "name": "56787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029720" }, { "name": "56858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56858" }, { "name": "DSA-2858", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "56763", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56763" }, { "name": "USN-2102-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "RHSA-2014:0133", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html" }, { "name": "GLSA-201504-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-01" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "102868", "refsource": "OSVDB", "url": "http://osvdb.org/102868" }, { "name": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k", "refsource": "CONFIRM", "url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" }, { "name": "56888", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-04.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-04.html" }, { "name": "56761", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56761" }, { "name": "firefox-cve20141482-code-exec(90894)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90894" }, { "name": "FEDORA-2014-2041", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "SUSE-SU-2014:0248", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "openSUSE-SU-2014:0213", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56767" }, { "name": "56706", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56706" }, { "name": "65328", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65328" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2014-1482", "datePublished": "2014-02-06T02:00:00", "dateReserved": "2014-01-16T00:00:00", "dateUpdated": "2024-08-06T09:42:35.543Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-1478 (GCVE-0-2014-1478)
Vulnerability from cvelistv5
Published
2014-02-06 02:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:35.438Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1029721", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029721" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=922603" }, { "name": "102865", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102865" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "65324", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65324" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=946733" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-01.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=925308" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=911707" }, { "name": "56922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56922" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029720" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=950452" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=938431" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=945585" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=916635" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=867597" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=944321" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=942152" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=942940" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56888" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=924348" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=953373" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=911845" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=939472" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=932162" }, { "name": "firefox-cve20141478-code-exec(90900)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90900" }, { "name": "openSUSE-SU-2014:0213", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56767" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=944278" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=944851" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56706" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-02T19:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "1029721", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029721" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=922603" }, { "name": "102865", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102865" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "65324", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65324" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=946733" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-01.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=925308" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=911707" }, { "name": "56922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56922" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029720" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=950452" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=938431" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=945585" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=916635" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=867597" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=944321" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=942152" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=942940" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56888" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=924348" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=953373" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=911845" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=939472" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=932162" }, { "name": "firefox-cve20141478-code-exec(90900)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90900" }, { "name": "openSUSE-SU-2014:0213", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56767" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=944278" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=944851" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56706" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2014-1478", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1029721", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029721" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=922603", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=922603" }, { "name": "102865", "refsource": "OSVDB", "url": "http://osvdb.org/102865" }, { "name": "openSUSE-SU-2014:0212", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "65324", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65324" }, { "name": "1029717", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029717" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=946733", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=946733" }, { "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-01.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-01.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=925308", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=925308" }, { "name": "https://8pecxstudios.com/?page_id=44080", "refsource": "CONFIRM", "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=911707", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=911707" }, { "name": "56922", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56922" }, { "name": "56787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029720" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=950452", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=950452" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=938431", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=938431" }, { "name": "USN-2102-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-01" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=945585", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=945585" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=916635", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=916635" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=867597", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=867597" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=944321", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=944321" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=942152", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=942152" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=942940", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=942940" }, { "name": "56888", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56888" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=924348", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=924348" }, { "name": "openSUSE-SU-2014:0419", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=953373", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=953373" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=911845", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=911845" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=939472", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=939472" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=932162", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=932162" }, { "name": "firefox-cve20141478-code-exec(90900)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90900" }, { "name": "openSUSE-SU-2014:0213", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56767" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=944278", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=944278" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=944851", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=944851" }, { "name": "56706", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56706" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2014-1478", "datePublished": "2014-02-06T02:00:00", "dateReserved": "2014-01-16T00:00:00", "dateUpdated": "2024-08-06T09:42:35.438Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-1486 (GCVE-0-2014-1486)
Vulnerability from cvelistv5
Published
2014-02-06 02:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:36.212Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2119-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" }, { "name": "1029721", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029721" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=942164" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "RHSA-2014:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html" }, { "name": "56922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56922" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029720" }, { "name": "56858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56858" }, { "name": "DSA-2858", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "56763", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56763" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "RHSA-2014:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "102872", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102872" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "56761", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56761" }, { "name": "FEDORA-2014-2041", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "65334", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65334" }, { "name": "firefox-cve20141486-code-exec(90890)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90890" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "openSUSE-SU-2014:0213", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56767" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-08.html" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56706" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-02T19:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "USN-2119-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" }, { "name": "1029721", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029721" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=942164" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "RHSA-2014:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html" }, { "name": "56922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56922" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029720" }, { "name": "56858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56858" }, { "name": "DSA-2858", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "56763", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56763" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "RHSA-2014:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "102872", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102872" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "56761", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56761" }, { "name": "FEDORA-2014-2041", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "65334", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65334" }, { "name": "firefox-cve20141486-code-exec(90890)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90890" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "openSUSE-SU-2014:0213", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56767" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-08.html" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56706" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2014-1486", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-2119-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "name": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc", "refsource": "CONFIRM", "url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" }, { "name": "1029721", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029721" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=942164", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=942164" }, { "name": "openSUSE-SU-2014:0212", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029717" }, { "name": "https://8pecxstudios.com/?page_id=44080", "refsource": "CONFIRM", "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "RHSA-2014:0132", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html" }, { "name": "56922", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56922" }, { "name": "56787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029720" }, { "name": "56858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56858" }, { "name": "DSA-2858", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "56763", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56763" }, { "name": "USN-2102-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "RHSA-2014:0133", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html" }, { "name": "GLSA-201504-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-01" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "102872", "refsource": "OSVDB", "url": "http://osvdb.org/102872" }, { "name": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k", "refsource": "CONFIRM", "url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" }, { "name": "56888", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "56761", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56761" }, { "name": "FEDORA-2014-2041", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "65334", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65334" }, { "name": "firefox-cve20141486-code-exec(90890)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90890" }, { "name": "SUSE-SU-2014:0248", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "openSUSE-SU-2014:0213", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56767" }, { "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-08.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-08.html" }, { "name": "56706", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56706" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2014-1486", "datePublished": "2014-02-06T02:00:00", "dateReserved": "2014-01-16T00:00:00", "dateUpdated": "2024-08-06T09:42:36.212Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-1479 (GCVE-0-2014-1479)
Vulnerability from cvelistv5
Published
2014-02-06 02:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:35.791Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2119-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" }, { "name": "1029721", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029721" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "RHSA-2014:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html" }, { "name": "56922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56922" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029720" }, { "name": "56858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56858" }, { "name": "firefox-cve20141479-sec-bypass(90898)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90898" }, { "name": "102866", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102866" }, { "name": "DSA-2858", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "56763", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56763" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "RHSA-2014:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "65320", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65320" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-02.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=911864" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "56761", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56761" }, { "name": "FEDORA-2014-2041", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "openSUSE-SU-2014:0213", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56767" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56706" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-02T19:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "USN-2119-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" }, { "name": "1029721", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029721" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "RHSA-2014:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html" }, { "name": "56922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56922" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029720" }, { "name": "56858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56858" }, { "name": "firefox-cve20141479-sec-bypass(90898)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90898" }, { "name": "102866", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102866" }, { "name": "DSA-2858", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "56763", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56763" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "RHSA-2014:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "65320", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65320" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-02.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=911864" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "56761", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56761" }, { "name": "FEDORA-2014-2041", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "openSUSE-SU-2014:0213", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56767" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56706" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2014-1479", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-2119-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "name": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc", "refsource": "CONFIRM", "url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" }, { "name": "1029721", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029721" }, { "name": "openSUSE-SU-2014:0212", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029717" }, { "name": "https://8pecxstudios.com/?page_id=44080", "refsource": "CONFIRM", "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "RHSA-2014:0132", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html" }, { "name": "56922", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56922" }, { "name": "56787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029720" }, { "name": "56858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56858" }, { "name": "firefox-cve20141479-sec-bypass(90898)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90898" }, { "name": "102866", "refsource": "OSVDB", "url": "http://osvdb.org/102866" }, { "name": "DSA-2858", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "56763", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56763" }, { "name": "USN-2102-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "RHSA-2014:0133", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html" }, { "name": "GLSA-201504-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-01" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "65320", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65320" }, { "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-02.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-02.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=911864", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=911864" }, { "name": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k", "refsource": "CONFIRM", "url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" }, { "name": "56888", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "56761", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56761" }, { "name": "FEDORA-2014-2041", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "SUSE-SU-2014:0248", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "openSUSE-SU-2014:0213", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56767" }, { "name": "56706", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56706" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2014-1479", "datePublished": "2014-02-06T02:00:00", "dateReserved": "2014-01-16T00:00:00", "dateUpdated": "2024-08-06T09:42:35.791Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-1490 (GCVE-0-2014-1490)
Vulnerability from cvelistv5
Published
2014-02-06 02:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:36.290Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2119-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "65335", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65335" }, { "name": "1029721", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029721" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "56922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56922" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029720" }, { "name": "56858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56858" }, { "name": "102876", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102876" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "DSA-2858", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=930874" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "mozilla-nss-cve20141490-code-exec(90885)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90885" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "name": "FEDORA-2014-2041", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "openSUSE-SU-2014:0213", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56767" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=930857" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56706" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "USN-2119-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "65335", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65335" }, { "name": "1029721", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029721" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "56922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56922" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029720" }, { "name": "56858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56858" }, { "name": "102876", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102876" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "DSA-2858", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=930874" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "mozilla-nss-cve20141490-code-exec(90885)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90885" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "name": "FEDORA-2014-2041", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "openSUSE-SU-2014:0213", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56767" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=930857" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56706" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2014-1490", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-2119-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "65335", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65335" }, { "name": "1029721", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029721" }, { "name": "openSUSE-SU-2014:0212", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029717" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name": "https://8pecxstudios.com/?page_id=44080", "refsource": "CONFIRM", "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "56922", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56922" }, { "name": "56787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029720" }, { "name": "56858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56858" }, { "name": "102876", "refsource": "OSVDB", "url": "http://osvdb.org/102876" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "DSA-2858", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=930874", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=930874" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "USN-2102-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-01" }, { "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "name": "56888", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "mozilla-nss-cve20141490-code-exec(90885)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90885" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "name": "FEDORA-2014-2041", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "SUSE-SU-2014:0248", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "openSUSE-SU-2014:0213", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56767" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=930857", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=930857" }, { "name": "56706", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56706" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2014-1490", "datePublished": "2014-02-06T02:00:00", "dateReserved": "2014-01-16T00:00:00", "dateUpdated": "2024-08-06T09:42:36.290Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-1484 (GCVE-0-2014-1484)
Vulnerability from cvelistv5
Published
2014-02-06 02:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.
References
URL | Tags | |||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:35.487Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=953993" }, { "name": "102870", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102870" }, { "name": "20140326 Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html" }, { "name": "65323", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65323" }, { "name": "1029719", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029719" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "firefox-android-cve20141484-info-disc(90892)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90892" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-06.html" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-02T19:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=953993" }, { "name": "102870", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102870" }, { "name": "20140326 Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html" }, { "name": "65323", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65323" }, { "name": "1029719", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029719" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "firefox-android-cve20141484-info-disc(90892)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90892" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-06.html" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2014-1484", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2014:0212", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=953993", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=953993" }, { "name": "102870", "refsource": "OSVDB", "url": "http://osvdb.org/102870" }, { "name": "20140326 Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html" }, { "name": "65323", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65323" }, { "name": "1029719", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029719" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "firefox-android-cve20141484-info-disc(90892)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90892" }, { "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-06.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-06.html" }, { "name": "SUSE-SU-2014:0248", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2014-1484", "datePublished": "2014-02-06T02:00:00", "dateReserved": "2014-01-16T00:00:00", "dateUpdated": "2024-08-06T09:42:35.487Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-1480 (GCVE-0-2014-1480)
Vulnerability from cvelistv5
Published
2014-02-06 02:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:35.492Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-03.html" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029720" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56888" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "firefox-cve20141480-spoofing(90897)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90897" }, { "name": "102867", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102867" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=916726" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "65331", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65331" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-02T19:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-03.html" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029720" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56888" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "firefox-cve20141480-spoofing(90897)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90897" }, { "name": "102867", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102867" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=916726" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "65331", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65331" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2014-1480", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2014:0212", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029717" }, { "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-03.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-03.html" }, { "name": "1029720", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029720" }, { "name": "USN-2102-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-01" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "56888", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56888" }, { "name": "openSUSE-SU-2014:0419", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "firefox-cve20141480-spoofing(90897)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90897" }, { "name": "102867", "refsource": "OSVDB", "url": "http://osvdb.org/102867" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=916726", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=916726" }, { "name": "SUSE-SU-2014:0248", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "USN-2102-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "65331", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65331" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2014-1480", "datePublished": "2014-02-06T02:00:00", "dateReserved": "2014-01-16T00:00:00", "dateUpdated": "2024-08-06T09:42:35.492Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-1481 (GCVE-0-2014-1481)
Vulnerability from cvelistv5
Published
2014-02-06 02:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:35.868Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2119-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" }, { "name": "1029721", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029721" }, { "name": "65326", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65326" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "RHSA-2014:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html" }, { "name": "56922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56922" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029720" }, { "name": "102863", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102863" }, { "name": "56858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56858" }, { "name": "DSA-2858", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "56763", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56763" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "RHSA-2014:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=936056" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-13.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "56761", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56761" }, { "name": "FEDORA-2014-2041", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "firefox-cve20141481-sec-bypass(90883)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90883" }, { "name": "openSUSE-SU-2014:0213", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56767" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56706" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-02T19:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "USN-2119-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" }, { "name": "1029721", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029721" }, { "name": "65326", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65326" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "RHSA-2014:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html" }, { "name": "56922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56922" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029720" }, { "name": "102863", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102863" }, { "name": "56858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56858" }, { "name": "DSA-2858", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "56763", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56763" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "RHSA-2014:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=936056" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-13.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "56761", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56761" }, { "name": "FEDORA-2014-2041", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "firefox-cve20141481-sec-bypass(90883)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90883" }, { "name": "openSUSE-SU-2014:0213", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56767" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56706" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2014-1481", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-2119-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "name": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc", "refsource": "CONFIRM", "url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" }, { "name": "1029721", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029721" }, { "name": "65326", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65326" }, { "name": "openSUSE-SU-2014:0212", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029717" }, { "name": "https://8pecxstudios.com/?page_id=44080", "refsource": "CONFIRM", "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "RHSA-2014:0132", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html" }, { "name": "56922", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56922" }, { "name": "56787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029720" }, { "name": "102863", "refsource": "OSVDB", "url": "http://osvdb.org/102863" }, { "name": "56858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56858" }, { "name": "DSA-2858", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "56763", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56763" }, { "name": "USN-2102-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "RHSA-2014:0133", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html" }, { "name": "GLSA-201504-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-01" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=936056", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=936056" }, { "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-13.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-13.html" }, { "name": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k", "refsource": "CONFIRM", "url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" }, { "name": "56888", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "56761", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56761" }, { "name": "FEDORA-2014-2041", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "SUSE-SU-2014:0248", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "firefox-cve20141481-sec-bypass(90883)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90883" }, { "name": "openSUSE-SU-2014:0213", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56767" }, { "name": "56706", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56706" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2014-1481", "datePublished": "2014-02-06T02:00:00", "dateReserved": "2014-01-16T00:00:00", "dateUpdated": "2024-08-06T09:42:35.868Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-1488 (GCVE-0-2014-1488)
Vulnerability from cvelistv5
Published
2014-02-06 02:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:36.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "65321", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65321" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-11.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029720" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "firefox-cve20141488-dos(90887)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90887" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56888" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "102875", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102875" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=950604" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56767" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56706" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-02T19:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "65321", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65321" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-11.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029720" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "firefox-cve20141488-dos(90887)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90887" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56888" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "102875", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102875" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=950604" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56767" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56706" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2014-1488", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "65321", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65321" }, { "name": "openSUSE-SU-2014:0212", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029717" }, { "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-11.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-11.html" }, { "name": "https://8pecxstudios.com/?page_id=44080", "refsource": "CONFIRM", "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "56787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029720" }, { "name": "USN-2102-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-01" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "firefox-cve20141488-dos(90887)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90887" }, { "name": "56888", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56888" }, { "name": "openSUSE-SU-2014:0419", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "102875", "refsource": "OSVDB", "url": "http://osvdb.org/102875" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=950604", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=950604" }, { "name": "SUSE-SU-2014:0248", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "USN-2102-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56767" }, { "name": "56706", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56706" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2014-1488", "datePublished": "2014-02-06T02:00:00", "dateReserved": "2014-01-16T00:00:00", "dateUpdated": "2024-08-06T09:42:36.230Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-1489 (GCVE-0-2014-1489)
Vulnerability from cvelistv5
Published
2014-02-06 02:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:35.960Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102874", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102874" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-10.html" }, { "name": "65329", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65329" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56888" }, { "name": "firefox-cve20141489-sec-bypass(90888)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90888" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=959531" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-02T19:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "102874", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102874" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-10.html" }, { "name": "65329", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65329" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56888" }, { "name": "firefox-cve20141489-sec-bypass(90888)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90888" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=959531" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2014-1489", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "102874", "refsource": "OSVDB", "url": "http://osvdb.org/102874" }, { "name": "openSUSE-SU-2014:0212", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029717" }, { "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-10.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-10.html" }, { "name": "65329", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65329" }, { "name": "USN-2102-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-01" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "56888", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56888" }, { "name": "firefox-cve20141489-sec-bypass(90888)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90888" }, { "name": "SUSE-SU-2014:0248", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=959531", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=959531" }, { "name": "USN-2102-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2014-1489", "datePublished": "2014-02-06T02:00:00", "dateReserved": "2014-01-16T00:00:00", "dateUpdated": "2024-08-06T09:42:35.960Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-1477 (GCVE-0-2014-1477)
Vulnerability from cvelistv5
Published
2014-02-06 02:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:35.412Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2119-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" }, { "name": "1029721", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029721" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=950000" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-01.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "RHSA-2014:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=953114" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029720" }, { "name": "56858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56858" }, { "name": "DSA-2858", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2858" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=945334" }, { "name": "56763", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56763" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=925896" }, { "name": "firefox-cve20141477-code-exec(90899)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90899" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "RHSA-2014:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "name": "65317", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65317" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=950438" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=937132" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "56761", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56761" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=921470" }, { "name": "102864", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102864" }, { "name": "FEDORA-2014-2041", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=937697" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=945939" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "openSUSE-SU-2014:0213", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56767" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56706" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=951366" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=936808" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-02T19:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "USN-2119-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" }, { "name": "1029721", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029721" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=950000" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-01.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "RHSA-2014:0132", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=953114" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029720" }, { "name": "56858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56858" }, { "name": "DSA-2858", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2858" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=945334" }, { "name": "56763", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56763" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=925896" }, { "name": "firefox-cve20141477-code-exec(90899)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90899" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "RHSA-2014:0133", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "name": "65317", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65317" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=950438" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=937132" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "56761", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56761" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=921470" }, { "name": "102864", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102864" }, { "name": "FEDORA-2014-2041", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=937697" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=945939" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "openSUSE-SU-2014:0213", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56767" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56706" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=951366" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=936808" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2014-1477", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-2119-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "name": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc", "refsource": "CONFIRM", "url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" }, { "name": "1029721", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029721" }, { "name": "openSUSE-SU-2014:0212", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=950000", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=950000" }, { "name": "1029717", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029717" }, { "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-01.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-01.html" }, { "name": "https://8pecxstudios.com/?page_id=44080", "refsource": "CONFIRM", "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "RHSA-2014:0132", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=953114", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=953114" }, { "name": "56787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029720" }, { "name": "56858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56858" }, { "name": "DSA-2858", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=945334", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=945334" }, { "name": "56763", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56763" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=925896", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=925896" }, { "name": "firefox-cve20141477-code-exec(90899)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90899" }, { "name": "USN-2102-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "RHSA-2014:0133", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html" }, { "name": "GLSA-201504-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-01" }, { "name": "65317", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65317" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=950438", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=950438" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=937132", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=937132" }, { "name": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k", "refsource": "CONFIRM", "url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" }, { "name": "56888", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "56761", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56761" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=921470", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=921470" }, { "name": "102864", "refsource": "OSVDB", "url": "http://osvdb.org/102864" }, { "name": "FEDORA-2014-2041", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=937697", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=937697" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=945939", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=945939" }, { "name": "SUSE-SU-2014:0248", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "openSUSE-SU-2014:0213", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56767" }, { "name": "56706", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56706" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=951366", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=951366" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=936808", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=936808" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2014-1477", "datePublished": "2014-02-06T02:00:00", "dateReserved": "2014-01-16T00:00:00", "dateUpdated": "2024-08-06T09:42:35.412Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-1483 (GCVE-0-2014-1483)
Vulnerability from cvelistv5
Published
2014-02-06 02:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:35.635Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029720" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=950427" }, { "name": "65316", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65316" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "firefox-cve20141483-info-disc(90893)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90893" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56888" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-05.html" }, { "name": "102869", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102869" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56767" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56706" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-02T19:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029720" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=950427" }, { "name": "65316", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65316" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "firefox-cve20141483-info-disc(90893)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90893" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56888" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-05.html" }, { "name": "102869", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102869" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56767" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56706" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2014-1483", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2014:0212", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029717" }, { "name": "https://8pecxstudios.com/?page_id=44080", "refsource": "CONFIRM", "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "56787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029720" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=950427", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=950427" }, { "name": "65316", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65316" }, { "name": "USN-2102-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-01" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "firefox-cve20141483-info-disc(90893)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90893" }, { "name": "56888", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56888" }, { "name": "openSUSE-SU-2014:0419", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-05.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-05.html" }, { "name": "102869", "refsource": "OSVDB", "url": "http://osvdb.org/102869" }, { "name": "SUSE-SU-2014:0248", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "USN-2102-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56767" }, { "name": "56706", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56706" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2014-1483", "datePublished": "2014-02-06T02:00:00", "dateReserved": "2014-01-16T00:00:00", "dateUpdated": "2024-08-06T09:42:35.635Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-1491 (GCVE-0-2014-1491)
Vulnerability from cvelistv5
Published
2014-02-06 02:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:36.031Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2119-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "1029721", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029721" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.mozilla.org/projects/nss/rev/12c42006aed8" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "firefox-nss-cve20141491-unspecified(90886)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90886" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name": "DSA-2994", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2994" }, { "name": "65332", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65332" }, { "name": "56922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56922" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=934545" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029720" }, { "name": "56858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56858" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "DSA-2858", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "name": "FEDORA-2014-2041", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "openSUSE-SU-2014:0213", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "USN-2119-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "1029721", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029721" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.mozilla.org/projects/nss/rev/12c42006aed8" }, { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "firefox-nss-cve20141491-unspecified(90886)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90886" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name": "DSA-2994", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2994" }, { "name": "65332", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65332" }, { "name": "56922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56922" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=934545" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029720" }, { "name": "56858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56858" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "DSA-2858", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "name": "FEDORA-2014-2041", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "openSUSE-SU-2014:0213", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2014-1491", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-2119-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2119-1" }, { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "1029721", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029721" }, { "name": "http://hg.mozilla.org/projects/nss/rev/12c42006aed8", "refsource": "CONFIRM", "url": "http://hg.mozilla.org/projects/nss/rev/12c42006aed8" }, { "name": "openSUSE-SU-2014:0212", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "firefox-nss-cve20141491-unspecified(90886)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90886" }, { "name": "1029717", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029717" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name": "DSA-2994", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2994" }, { "name": "65332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65332" }, { "name": "56922", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56922" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=934545", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=934545" }, { "name": "1029720", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029720" }, { "name": "56858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56858" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "DSA-2858", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2858" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "USN-2102-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-01" }, { "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-12.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "name": "56888", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56888" }, { "name": "FEDORA-2014-2083", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" }, { "name": "openSUSE-SU-2014:0419", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "name": "FEDORA-2014-2041", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" }, { "name": "SUSE-SU-2014:0248", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "openSUSE-SU-2014:0213", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" }, { "name": "USN-2102-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2014-1491", "datePublished": "2014-02-06T02:00:00", "dateReserved": "2014-01-16T00:00:00", "dateUpdated": "2024-08-06T09:42:36.031Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-1485 (GCVE-0-2014-1485)
Vulnerability from cvelistv5
Published
2014-02-06 02:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:35.979Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029720" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=910139" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56888" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "65322", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65322" }, { "name": "firefox-xslt-cve20141485xss(90891)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90891" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56767" }, { "name": "102871", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/102871" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56706" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-07.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-02T19:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "name": "openSUSE-SU-2014:0212", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029717" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "56787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029720" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=910139" }, { "name": "USN-2102-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201504-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "56888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56888" }, { "name": "openSUSE-SU-2014:0419", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "65322", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65322" }, { "name": "firefox-xslt-cve20141485xss(90891)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90891" }, { "name": "SUSE-SU-2014:0248", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "USN-2102-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56767" }, { "name": "102871", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/102871" }, { "name": "56706", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56706" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-07.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2014-1485", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2014:0212", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" }, { "name": "1029717", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029717" }, { "name": "https://8pecxstudios.com/?page_id=44080", "refsource": "CONFIRM", "url": "https://8pecxstudios.com/?page_id=44080" }, { "name": "56787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56787" }, { "name": "1029720", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029720" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=910139", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=910139" }, { "name": "USN-2102-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-2" }, { "name": "GLSA-201504-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-01" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "56888", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56888" }, { "name": "openSUSE-SU-2014:0419", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" }, { "name": "65322", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65322" }, { "name": "firefox-xslt-cve20141485xss(90891)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90891" }, { "name": "SUSE-SU-2014:0248", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" }, { "name": "USN-2102-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2102-1" }, { "name": "56767", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56767" }, { "name": "102871", "refsource": "OSVDB", "url": "http://osvdb.org/102871" }, { "name": "56706", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56706" }, { "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-07.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-07.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2014-1485", "datePublished": "2014-02-06T02:00:00", "dateReserved": "2014-01-16T00:00:00", "dateUpdated": "2024-08-06T09:42:35.979Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…