CVE-2014-1511

CRITICAL EXPLOITED

Mozilla Firefox < 28.0 - Improper Privilege Management

Title source: rule

Description

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotemultiple

https://www.exploit-db.com/exploits/34448

View Code ZIP pw:eip

References (14)

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2014-0310.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2014-0316.html

[Third Party Advisory] http://www.debian.org/security/2014/dsa-2881

[Third Party Advisory] http://www.debian.org/security/2014/dsa-2911

[Vendor Advisory] http://www.mozilla.org/security/announce/2014/mfsa2014-29.html

[Third Party Advisory] http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/66207

[Third Party Advisory] http://www.ubuntu.com/usn/USN-2151-1

[Exploit, Issue Tracking, Vendor Advisory] https://bugzilla.mozilla.org/show_bug.cgi?id=982909

[Third Party Advisory] https://security.gentoo.org/glsa/201504-01

Scores

CVSS v3 9.8

EPSS 0.7049

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2016-08-04

CWE

CWE-269

Status published

Products (24)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 12.10

canonical/ubuntu_linux 13.10

debian/debian_linux 7.0

debian/debian_linux 8.0

mozilla/firefox < 28.0

mozilla/seamonkey < 2.25

mozilla/thunderbird < 24.4

opensuse/opensuse 11.4

opensuse/opensuse 12.3

... and 14 more

Published Mar 19, 2014

Tracked Since Feb 18, 2026