CVE-2014-1496

MEDIUM

Mozilla Firefox < 28.0 - Improper Privilege Management

Title source: rule

Description

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.

References (5)

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html

[Vendor Advisory] http://www.mozilla.org/security/announce/2014/mfsa2014-16.html

[Third Party Advisory] http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

[Exploit, Issue Tracking, Vendor Advisory] https://bugzilla.mozilla.org/show_bug.cgi?id=925747

[Third Party Advisory] https://security.gentoo.org/glsa/201504-01

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 19.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-269

Status draft

Affected Products (7)

mozilla/firefox < 28.0

mozilla/seamonkey < 2.25

mozilla/thunderbird < 24.4

suse/suse_linux_enterprise_software_development_kit

suse/suse_linux_enterprise_desktop

suse/suse_linux_enterprise_server

Timeline

Published Mar 19, 2014

Tracked Since Feb 18, 2026