5.8

CVE-2014-1552

EPSS 0.2%
Veröffentlicht 23.07.2014 11:12:43
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle security@mozilla.org
CVE-Watchlists
Login
Unerledigt
Login

Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version <= 30.0

Mozilla ≫ Thunderbird Version <= 24.7

Mozilla ≫ Thunderbird Version24.0

Mozilla ≫ Thunderbird Version24.0.1

Mozilla ≫ Thunderbird Version24.1

Mozilla ≫ Thunderbird Version24.1.1

Mozilla ≫ Thunderbird Version24.2

Mozilla ≫ Thunderbird Version24.3

Mozilla ≫ Thunderbird Version24.4

Mozilla ≫ Thunderbird Version24.5

Mozilla ≫ Thunderbird Version24.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.425

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

https://security.gentoo.org/glsa/201504-01

http://secunia.com/advisories/59760

http://secunia.com/advisories/60628

http://www.securitytracker.com/id/1030619

http://www.securitytracker.com/id/1030620

http://www.mozilla.org/security/announce/2014/mfsa2014-66.html

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=985135

https://nvd.nist.gov/vuln/detail/CVE-2014-1552

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-1552

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-1552

EUVD