CVE-2014-1583 — Mozilla Firefox vulnerability

8 documents7 sources

Severity

5.0MEDIUMNVD

OSV7.5

EPSS

0.7%

top 26.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedOct 15

Latest updateMay 17

Description

The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Ubuntumozilla/firefox< 33.0+build2-0ubuntu0.14.04.1

▶NVDmozilla/firefox32.0+3

🔴Vulnerability Details

GHSA

GHSA-hp3c-mm39-w8vj: The Alarm API in Mozilla Firefox before 33↗2022-05-17

▶

OSV

firefox vulnerabilities↗2014-10-14

▶

OSV

CVE-2014-1583: The Alarm API in Mozilla Firefox before 33↗2014-10-14

▶

📋Vendor Advisories

Red Hat

Mozilla: Accessing cross-origin objects via the Alarms API (MFSA 2014-82)↗2014-10-14

▶

Ubuntu

Firefox vulnerabilities↗2014-10-14

▶

💬Community

Bugzilla

CVE-2014-1583 Mozilla: Accessing cross-origin objects via the Alarms API (MFSA 2014-82)↗2014-10-14

▶