CVE-2014-1552 — Mozilla Firefox vulnerability

CWE-2649 documents6 sources

Severity

5.8MEDIUMNVD

OSV10.0

EPSS

0.2%

top 57.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird

Timeline

PublishedJul 23

Latest updateMay 17

Description

Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages4 packages

▶Ubuntumozilla/firefox< 31.0+build1-0ubuntu0.14.04.1

▶Ubuntumozilla/thunderbird< 1:31.0+build1-0ubuntu0.14.04.1

▶NVDmozilla/firefox30.0

▶NVDmozilla/thunderbird24.7+9

🔴Vulnerability Details

GHSA

GHSA-rr45-q6fx-833j: Mozilla Firefox before 31↗2022-05-17

▶

OSV

CVE-2014-1552: Mozilla Firefox before 31↗2014-07-22

▶

OSV

firefox vulnerabilities↗2014-07-22

▶

OSV

thunderbird vulnerabilities↗2014-07-22

▶

📋Vendor Advisories

Red Hat

Mozilla: IFRAME sandbox same-origin access through redirect (MFSA 2014-66)↗2014-07-22

▶

Ubuntu

Thunderbird vulnerabilities↗2014-07-22

▶

Ubuntu

Firefox vulnerabilities↗2014-07-22

▶

💬Community

Bugzilla

CVE-2014-1552 Mozilla: IFRAME sandbox same-origin access through redirect (MFSA 2014-66)↗2014-07-21

▶