CVE-2014-1496
MEDIUM
Mozilla Firefox < 28.0 - Privilege Escalation via Modified Mar Contents During Update
Title source: llm
Description
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.
References (5)
Core References
Exploit, Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=925747
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201504-01
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2014/mfsa2014-16.html
Scores
CVSS v3
5.5
EPSS
0.0006
EPSS Percentile
19.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-269
Status
published
Products (6)
mozilla/firefox
< 28.0
mozilla/seamonkey
< 2.25
mozilla/thunderbird
< 24.4
suse/suse_linux_enterprise_desktop
11 sp3
suse/suse_linux_enterprise_server
11 sp3 (2 CPE variants)
suse/suse_linux_enterprise_software_development_kit
11.0 sp3
Published
Mar 19, 2014
Tracked Since
Feb 18, 2026