9.8

CVE-2014-1510

Exploit
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version < 28.0
MozillaFirefox Version >= 24.0 < 24.4
MozillaSeamonkey Version < 2.25
MozillaThunderbird Version < 24.4
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version12.10
CanonicalUbuntu Linux Version13.10
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
RedhatEnterprise Linux Eus Version6.5
OpensuseOpensuse Version11.4
OpensuseOpensuse Version12.3
OpensuseOpensuse Version13.1
SuseSuse Linux Enterprise Desktop Version11 Updatesp3
SuseSuse Linux Enterprise Server Version11 Updatesp3
SuseSuse Linux Enterprise Server Version11 Updatesp3 SwPlatformvmware
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 82.34% 0.996
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Third Party Advisory
https://security.gentoo.org/glsa/201504-01
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2014-0310.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0316.html
Third Party Advisory
http://www.debian.org/security/2014/dsa-2881
Third Party Advisory
http://www.debian.org/security/2014/dsa-2911
Third Party Advisory
http://www.ubuntu.com/usn/USN-2151-1
Third Party Advisory
http://www.mozilla.org/security/announce/2014/mfsa2014-29.html
Vendor Advisory
http://www.securityfocus.com/bid/66206
Third Party Advisory
VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=982906
Vendor Advisory
Exploit
Issue Tracking