6.8

CVE-2014-1526

The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version < 29.0
MozillaSeamonkey Version < 2.26
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version12.10
CanonicalUbuntu Linux Version13.10
CanonicalUbuntu Linux Version14.04 SwEditionesm
OpensuseOpensuse Version12.3
OpensuseOpensuse Version13.1
FedoraprojectFedora Version19
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.82% 0.76
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Third Party Advisory
https://security.gentoo.org/glsa/201504-01
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/59866
Third Party Advisory
http://www.ubuntu.com/usn/USN-2185-1
Third Party Advisory
http://www.securitytracker.com/id/1030163
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030164
Third Party Advisory
VDB Entry
http://www.mozilla.org/security/announce/2014/mfsa2014-47.html
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=988106
Patch
Vendor Advisory
Issue Tracking