CVE-2014-1481 Information
Description
Mozilla Firefox before 27.0 Firefox ESR 24.x before 24.3 Thunderbird before 24.3 and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Reference
http://download.novell.com/Download?buildid=VYQsgaFpQ2k http://download.novell.com/Download?buildid=Y2fux-JW1Qc http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://osvdb.org/102863 http://rhn.redhat.com/errata/RHSA-2014-0132.html http://rhn.redhat.com/errata/RHSA-2014-0133.html http://secunia.com/advisories/56706 http://secunia.com/advisories/56761 http://secunia.com/advisories/56763 http://secunia.com/advisories/56767 http://secunia.com/advisories/56787 http://secunia.com/advisories/56858 http://secunia.com/advisories/56888 http://secunia.com/advisories/56922 http://www.debian.org/security/2014/dsa-2858 http://www.mozilla.org/security/announce/2014/mfsa2014-13.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/65326 http://www.securitytracker.com/id/1029717 http://www.securitytracker.com/id/1029720 http://www.securitytracker.com/id/1029721 http://www.ubuntu.com/usn/USN-2102-1 http://www.ubuntu.com/usn/USN-2102-2 http://www.ubuntu.com/usn/USN-2119-1 https://8pecxstudios.com/?page_id=44080 https://bugzilla.mozilla.org/show_bug.cgi?id=936056 https://exchange.xforce.ibmcloud.com/vulnerabilities/90883 https://security.gentoo.org/glsa/201504-01
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
NONE
Base Severity
7.5
Share on: