5.5
CVE-2014-1496
- EPSS 0.06%
- Published 19.03.2014 10:55:06
- Last modified 12.04.2025 10:46:40
- Source security@mozilla.org
- Teams watchlist Login
- Open Login
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.
Data is provided by the National Vulnerability Database (NVD)
Mozilla ≫ Firefox ESR Version >= 24.0 < 24.4
Mozilla ≫ Thunderbird Version < 24.4
Suse ≫ Suse Linux Enterprise Software Development Kit Version11.0 Updatesp3
Suse ≫ Suse Linux Enterprise Desktop Version11 Updatesp3
Suse ≫ Suse Linux Enterprise Server Version11 Updatesp3
Suse ≫ Suse Linux Enterprise Server Version11 Updatesp3 SwPlatformvmware
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.167 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 1.9 | 3.4 | 2.9 |
AV:L/AC:M/Au:N/C:N/I:P/A:N
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.