CVE-2014-1589Improper Access Control in Mozilla Firefox

CWE-284Improper Access ControlCWE-20Improper Input Validation8 documents7 sources
Severity
6.8MEDIUMNVD
EPSS
0.3%
top 46.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Seamonkey
Timeline
PublishedDec 11
Latest updateMay 17

Description

Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

Ubuntumozilla/firefox< 34.0+build2-0ubuntu0.14.04.1
NVDmozilla/firefox33.0

🔴Vulnerability Details

4
GHSA
GHSA-grpw-qvqh-xgxx: Mozilla Firefox before 342022-05-17
CVEList
CVE-2014-1589: Mozilla Firefox before 342014-12-11
OSV
CVE-2014-1589: Mozilla Firefox before 342014-12-02
OSV
firefox vulnerabilities2014-12-02

📋Vendor Advisories

2
Ubuntu
Firefox vulnerabilities2014-12-02
Red Hat
Mozilla: XBL bindings accessible via improper CSS declarations (MFSA 2014-84)2014-12-02

💬Community

1
Bugzilla
CVE-2014-1589 Mozilla: XBL bindings accessible via improper CSS declarations (MFSA 2014-84)2014-12-01
CVE-2014-1589 — Improper Access Control in Mozilla | cvebase