CVE-2014-1589

Advisory lineage Upstream: 0 Downstream: 5

Downstream

MGASA-2014-0518 OPENSUSE-SU-2024:10071-1 OPENSUSE-SU-2024:14572-1 UBUNTU-CVE-2014-1589 USN-2424-1

Modified

Published: 11 Dec 2014, 11:00

Last modified:06 Aug 2024, 09:42

Vulnerability Summary

Overall Risk (default)

medium

27/100

CVSS Score

6.8 MEDIUM

v2.0 (nvd)

EPSS Score

0.3% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

11 Dec 2014, 11:00

Published

Vulnerability first disclosed

06 Aug 2024, 09:42

Last Modified

Vulnerability information updated

Description

Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding.

CVSS Metrics

v2.0•MEDIUM•Score: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.30%• Percentile: 54%

Techniques & Countermeasures

CWE-284•Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Affected Systems

mozilla•firefox
≤ 33.0
mozilla•seamonkey
≤ 2.30