CVE-2014-1481

HIGH

Mozilla Firefox < 27.0 - Window Object Restriction Bypass via Native Getter Method Inconsistency

Title source: llm
STIX 2.1

Description

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.

References (33)

Core 33
Core References
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2119-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029721
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/65326
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029717
Broken Link, URL Repurposed x_refsource_confirm
https://8pecxstudios.com/?page_id=44080
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0132.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56922
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56787
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029720
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/102863
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56858
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2858
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56763
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2102-2
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0133.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201504-01
Exploit, Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=936056
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56888
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56761
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90883
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2102-1
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56767
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56706

Scores

CVSS v3 7.5
EPSS 0.0258
EPSS Percentile 85.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

Status published
Products (25)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
canonical/ubuntu_linux 13.10
debian/debian_linux 7.0
fedoraproject/fedora 19
fedoraproject/fedora 20
mozilla/firefox < 27.0
mozilla/seamonkey < 2.24
mozilla/thunderbird < 24.3
opensuse/opensuse 11.4
... and 15 more
Published Feb 06, 2014
Tracked Since Feb 18, 2026