CVE-2014-1526

CWE-269 — Improper Privilege Management7 documents7 sources

Severity

6.8MEDIUM

EPSS

0.7%

top 28.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Canonical Ubuntu Linux +2 more

Timeline

PublishedApr 30

Latest updateMay 13

Description

The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶NVDmozilla/firefox< 29.0

▶NVDmozilla/seamonkey< 2.26

▶Ubuntufirefox< 29.0+build1-0ubuntu0.14.04.2

▶NVDopensuse/opensuse12.3, 13.1+1

Also affects: Fedora 19, Ubuntu Linux 12.04, 12.10, 13.10, 14.04

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-cg7q-w674-m33v: The XrayWrapper implementation in Mozilla Firefox before 29↗2022-05-13

▶

CVEList

CVE-2014-1526: The XrayWrapper implementation in Mozilla Firefox before 29↗2014-04-30

▶

OSV

CVE-2014-1526: The XrayWrapper implementation in Mozilla Firefox before 29↗2014-04-29

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2014-04-29

▶

Red Hat

Mozilla: Debugger can bypass XrayWrappers with JavaScript (MFSA 2014-47)↗2014-04-29

▶

💬Community

Bugzilla

CVE-2014-1526 Mozilla: Debugger can bypass XrayWrappers with JavaScript (MFSA 2014-47)↗2014-05-07

▶