CVE-2014-1583

CVSS v2.0 5 (Medium)

EPSS 0.69 % (81^th)

Affected Products 2

Advisories 6

The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm.

Weaknesses

CWE-NVD-Other

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2014-10-15 10:55:06
(10 years ago)
Updated Date: 2016-12-22 02:59:14
(7 years ago)

Affected Products

Mozilla

Firefox
Firefox Esr

Configuration #1

	CPE23	Up To
Mozilla Firefox 32.0 and prior versions	cpe:2.3:a:mozilla:firefox	<= 32.0
Mozilla Firefox 30.0	cpe:2.3:a:mozilla:firefox:30.0
Mozilla Firefox 31.0	cpe:2.3:a:mozilla:firefox:31.0
Mozilla Firefox 31.1.0	cpe:2.3:a:mozilla:firefox:31.1.0

Configuration #2

		CPE23	From	Up To
	Mozilla Firefox Esr 31.0	cpe:2.3:a:mozilla:firefox_esr:31.0
	Mozilla Firefox Esr 31.1.0	cpe:2.3:a:mozilla:firefox_esr:31.1.0