← Back

CVE-2014-1496

nvd nist
Published: Mar 19, 2014Modified: May 6, 2026

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.

Affected (8)

Mozilla
3 products
Firefox
Seamonkey
Thunderbird
Suse
3 products
Suse Linux Enterprise Desktop
Suse Linux Enterprise Server
Suse Linux Enterprise Software Development Kit
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Mozilla
Firefox
Before 28.0
Firefox
From 24.0 to 24.4
Seamonkey
Before 2.25
Thunderbird
Before 24.4
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Suse Linux Enterprise Desktop
Version 11 sp3
Suse
Suse Linux Enterprise Server
Version 11 sp3
Suse Linux Enterprise Server
Version 11 sp3
Suse Linux Enterprise Software Development Kit
Version 11.0 sp3

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (10)

Source: security@mozilla.org
Mailing ListThird Party Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
ExploitIssue TrackingVendor Advisory
Source: security@mozilla.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.