CVE-2014-1583 Information

Description

The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html
http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html
http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html
http://rhn.redhat.com/errata/RHSA-2014-1635.html
http://secunia.com/advisories/61854
http://secunia.com/advisories/62022
http://secunia.com/advisories/62023
http://www.debian.org/security/2014/dsa-3050
http://www.mozilla.org/security/announce/2014/mfsa2014-82.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.securityfocus.com/bid/70424
http://www.securitytracker.com/id/1031028
http://www.securitytracker.com/id/1031030
http://www.ubuntu.com/usn/USN-2372-1
https://advisories.mageia.org/MGASA-2014-0421.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1015540
https://security.gentoo.org/glsa/201504-01
