9.3

CVE-2014-1529

Exploit

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted.

Data is provided by the National Vulnerability Database (NVD)
MozillaFirefox Version < 29.0
MozillaFirefox ESR Version >= 24.0 < 24.5
MozillaSeamonkey Version < 2.26
MozillaThunderbird Version < 24.5
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version12.10
CanonicalUbuntu Linux Version13.10
CanonicalUbuntu Linux Version14.04 SwEditionesm
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
RedhatEnterprise Linux Eus Version6.5
FedoraprojectFedora Version19
FedoraprojectFedora Version20
OpensuseOpensuse Version11.4
OpensuseOpensuse Version12.3
OpensuseOpensuse Version13.1
SuseSuse Linux Enterprise Server Version10 Updatesp4 SwEditionltss
SuseSuse Linux Enterprise Server Version11 Updatesp1 SwEditionltss
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.91% 0.736
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://www.securitytracker.com/id/1030163
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030164
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030165
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/67135
Third Party Advisory
VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=987003
Vendor Advisory
Exploit
Issue Tracking