CVE-2014-1589

EPSS 0.31%
Veröffentlicht 11.12.2014 11:59:02
Zuletzt bearbeitet 06.05.2026 22:30:45
Quelle security@mozilla.org
CVE-Watchlists
Login
Unerledigt
Login

Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version <= 33.0

Mozilla ≫ Seamonkey Version <= 2.30

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.507

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

https://security.gentoo.org/glsa/201504-01

http://www.mozilla.org/security/announce/2014/mfsa2014-84.html

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1043787

https://nvd.nist.gov/vuln/detail/CVE-2014-1589

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-1589

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-1589

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2014-1589