CVE-2014-1526

CVSS v2.0 6.8 (Medium)

EPSS 0.71 % (81^th)

Affected Products 5

Advisories 3

The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects.

Weaknesses

CWE-269: Improper Privilege Management

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2014-04-30 10:49:04
(10 years ago)
Updated Date: 2020-08-14 17:49:40
(4 years ago)

Affected Products

Canonical

Ubuntu Linux

Fedoraproject

Fedora

Mozilla

Opensuse

Opensuse

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox prior 29.0 version	cpe:2.3:a:mozilla:firefox		< 29.0
	Mozilla Seamonkey prior 2.26 version	cpe:2.3:a:mozilla:seamonkey		< 2.26

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:::*:esm
	Canonical Ubuntu Linux 12.10	cpe:2.3:o:canonical:ubuntu_linux:12.10
	Canonical Ubuntu Linux 13.10	cpe:2.3:o:canonical:ubuntu_linux:13.10
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:esm

Configuration #3

		CPE23	From	Up To
	Opensuse 12.3	cpe:2.3:o:opensuse:opensuse:12.3
	Opensuse 13.1	cpe:2.3:o:opensuse:opensuse:13.1

Configuration #4

		CPE23	From	Up To
	Fedoraproject Fedora 19	cpe:2.3:o:fedoraproject:fedora:19