6.8

CVE-2014-1526

The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects.

Data is provided by the National Vulnerability Database (NVD)
MozillaFirefox Version < 29.0
MozillaSeamonkey Version < 2.26
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version12.10
CanonicalUbuntu Linux Version13.10
CanonicalUbuntu Linux Version14.04 SwEditionesm
OpensuseOpensuse Version12.3
OpensuseOpensuse Version13.1
FedoraprojectFedora Version19
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.7% 0.696
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://www.securitytracker.com/id/1030163
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030164
Third Party Advisory
VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=988106
Patch
Vendor Advisory
Issue Tracking