5.8

CVE-2014-1552

EPSS 0.2%
Published 23.07.2014 11:12:43
Last modified 12.04.2025 10:46:40
Source security@mozilla.org
Teams watchlist Login
Open Login

Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect.

Affected products Warnungen 0 Metrics 2 CWE 0 References 11

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version <= 30.0

Mozilla ≫ Thunderbird Version <= 24.7

Mozilla ≫ Thunderbird Version24.0

Mozilla ≫ Thunderbird Version24.0.1

Mozilla ≫ Thunderbird Version24.1

Mozilla ≫ Thunderbird Version24.1.1

Mozilla ≫ Thunderbird Version24.2

Mozilla ≫ Thunderbird Version24.3

Mozilla ≫ Thunderbird Version24.4

Mozilla ≫ Thunderbird Version24.5

Mozilla ≫ Thunderbird Version24.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.2%	0.425

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

https://security.gentoo.org/glsa/201504-01

http://secunia.com/advisories/59760

http://secunia.com/advisories/60628

http://www.securitytracker.com/id/1030619

http://www.securitytracker.com/id/1030620

http://www.mozilla.org/security/announce/2014/mfsa2014-66.html

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=985135

https://nvd.nist.gov/vuln/detail/CVE-2014-1552

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-1552

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-1552

EUVD