CVE-2014-1496

CWE-269 — Improper Privilege Management5 documents5 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 80.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird +3 more

Timeline

PublishedMar 19

Latest updateMay 13

Description

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

▶NVDmozilla/firefox24.0 — 24.4+1

▶NVDmozilla/seamonkey< 2.25

▶NVDmozilla/thunderbird< 24.4

▶NVDsuse/suse_linux_enterprise_server11

▶NVDsuse/suse_linux_enterprise_desktop11

🔴Vulnerability Details

GHSA

GHSA-rg2h-rx22-64cp: Mozilla Firefox before 28↗2022-05-13

▶

CVEList

CVE-2014-1496: Mozilla Firefox before 28↗2014-03-19

▶

📋Vendor Advisories

Red Hat

Mozilla: Files extracted during updates are not always read only (MFSA 2014-16)↗2014-03-18

▶

💬Community

Bugzilla

CVE-2014-1496 Mozilla: Files extracted during updates are not always read only (MFSA 2014-16)↗2014-03-17

▶