CVE-2014-1481

Published: Feb 6, 2014Modified: Apr 29, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.

Affected (27)

Products: Mozilla: Firefox, Seamonkey, Thunderbird · Fedoraproject: Fedora · Opensuse: Opensuse · +4 more

Show all products

3 products

1 product

1 product

3 products

Suse Linux Enterprise Desktop

Suse Linux Enterprise Server

Suse Linux Enterprise Software Development Kit

Redhat

7 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Server Tus

Enterprise Linux Workstation

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 27.0
Mozilla Firefox	From 24.0 to 24.3
Mozilla Seamonkey	Before 2.24
Mozilla Thunderbird	Before 24.3

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 19
Fedoraproject Fedora	Version 20

Configuration C

7 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.4
Opensuse Opensuse	Version 12.3
Opensuse Opensuse	Version 13.1
Suse Suse Linux Enterprise Desktop	Version 11 sp3
Suse Suse Linux Enterprise Server	Version 11 sp3
Suse Suse Linux Enterprise Server	Version 11 sp3
Suse Suse Linux Enterprise Software Development Kit	Version 11.0 sp3

Configuration D

10 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 5.0
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Eus	Version 6.5
Redhat Enterprise Linux Server	Version 5.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server Aus	Version 6.5
Redhat Enterprise Linux Server Eus	Version 6.5
Redhat Enterprise Linux Server Tus	Version 6.5
Redhat Enterprise Linux Workstation	Version 5.0
Redhat Enterprise Linux Workstation	Version 6.0

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0

Configuration F

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 12.10
Canonical Ubuntu Linux	Version 13.10

References (66)

http://download.novell.com/Download?buildid=VYQsgaFpQ2k

Source: security@mozilla.org

Broken Link

http://download.novell.com/Download?buildid=Y2fux-JW1Qc

Source: security@mozilla.org

Broken Link

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://osvdb.org/102863

Source: security@mozilla.org

Broken Link

http://rhn.redhat.com/errata/RHSA-2014-0132.html

Source: security@mozilla.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2014-0133.html

Source: security@mozilla.org

Third Party Advisory

http://secunia.com/advisories/56706

Source: security@mozilla.org

Broken Link

http://secunia.com/advisories/56761

Source: security@mozilla.org

Broken Link

http://secunia.com/advisories/56763

Source: security@mozilla.org

Broken Link

http://secunia.com/advisories/56767

Source: security@mozilla.org

Broken Link

http://secunia.com/advisories/56787

Source: security@mozilla.org

Broken Link

http://secunia.com/advisories/56858

Source: security@mozilla.org

Broken Link

http://secunia.com/advisories/56888

Source: security@mozilla.org

Broken Link

http://secunia.com/advisories/56922

Source: security@mozilla.org

Broken Link

http://www.debian.org/security/2014/dsa-2858

Source: security@mozilla.org

Third Party Advisory

http://www.mozilla.org/security/announce/2014/mfsa2014-13.html

Source: security@mozilla.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: security@mozilla.org

Third Party Advisory

http://www.securityfocus.com/bid/65326

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029717

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029720

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029721

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2102-1

Source: security@mozilla.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2102-2

Source: security@mozilla.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2119-1

Source: security@mozilla.org

Third Party Advisory

https://8pecxstudios.com/?page_id=44080

Source: security@mozilla.org

Broken LinkURL Repurposed

https://bugzilla.mozilla.org/show_bug.cgi?id=936056

Source: security@mozilla.org

ExploitIssue TrackingVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/90883

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

https://security.gentoo.org/glsa/201504-01

Source: security@mozilla.org

Third Party Advisory

http://download.novell.com/Download?buildid=VYQsgaFpQ2k