6.1

CVE-2014-1530

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.

Data provided by the National Vulnerability Database (NVD)
Mozilla Firefox Version < 29.0
Mozilla Firefox ESR Version >= 24.0 < 24.5
Mozilla Seamonkey Version < 2.26
Mozilla Thunderbird Version < 24.5
Fedoraproject Fedora Version 19
Fedoraproject Fedora Version 20
Canonical Ubuntu Linux Version 12.04 SwEdition esm
Canonical Ubuntu Linux Version 12.10
Canonical Ubuntu Linux Version 13.10
Canonical Ubuntu Linux Version 14.04 SwEdition esm
Debian Debian Linux Version 7.0
Debian Debian Linux Version 8.0
Redhat Enterprise Linux Eus Version 6.5
Opensuse Opensuse Version 11.4
Opensuse Opensuse Version 12.3
Opensuse Opensuse Version 13.1
Suse Suse Linux Enterprise Server Version 10 Update sp4 SwEdition ltss
Suse Suse Linux Enterprise Server Version 11 Update sp1 SwEdition ltss
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type  Source     Score  Percentile
EPSS  FIRST.org  0.87%  0.744
CVSS Metrics
Source        Base Score  Exploit Score  Impact Score  Vector String
nvd@nist.gov  6.1         2.8            2.7           CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov  4.3         8.6            2.9           AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.securitytracker.com/id/1030163 (Third Party Advisory, VDB Entry)
http://www.securitytracker.com/id/1030164 (Third Party Advisory, VDB Entry)
http://www.securitytracker.com/id/1030165 (Third Party Advisory, VDB Entry)
http://www.securityfocus.com/bid/67137 (Third Party Advisory, VDB Entry)