CVE-2014-1501 — Mozilla Firefox vulnerability

CWE-2644 documents4 sources

Severity

5.8MEDIUMNVD

EPSS

0.2%

top 54.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Oracle Solaris Suse Linux Enterprise Desktop +2 more

Timeline

PublishedMar 19

Latest updateMay 17

Description

Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages5 packages

▶NVDmozilla/firefox27.0.1+199

▶NVDoracle/solaris11.3

▶NVDsuse/linux_enterprise_server11

▶NVDsuse/linux_enterprise_desktop11

▶NVDsuse/linux_enterprise_software_development_kit11

🔴Vulnerability Details

GHSA

GHSA-rg9q-8758-m38f: Mozilla Firefox before 28↗2022-05-17

▶

CVEList

CVE-2014-1501: Mozilla Firefox before 28↗2014-03-19

▶

💥Exploits & PoCs

Exploit-DB

Xerox DocuShare - SQL Injection↗2014-04-15

▶