CVE-2014-1583
Firefox < 32.0 - Same Origin Policy Bypass via Alarm API toJSON Calls
Title source: llmDescription
The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm.
References (18)
Core 18
Core References
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1031028
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2014/mfsa2014-82.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/70424
Third Party Advisory x_refsource_confirm
https://advisories.mageia.org/MGASA-2014-0421.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201504-01
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2372-1
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62022
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1031030
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62023
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1015540
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-3050
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/61854
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1635.html
Scores
EPSS
0.0075
EPSS Percentile
73.3%
Details
Status
published
Products (4)
mozilla/firefox
30.0
mozilla/firefox
31.0
mozilla/firefox
31.1.0
mozilla/firefox
< 32.0
Published
Oct 15, 2014
Tracked Since
Feb 18, 2026