← Back

CVE-2014-1526

nvd nist
Published: Apr 30, 2014Modified: May 6, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects.

Affected (9)

Show all products
Mozilla: Firefox, Seamonkey · Canonical: Ubuntu Linux · Opensuse: Opensuse · Fedoraproject: Fedora
Mozilla
2 products
Firefox
Seamonkey
Canonical
1 product
Ubuntu Linux
Opensuse
1 product
Opensuse
Fedoraproject
1 product
Fedora
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Firefox
Before 29.0
Seamonkey
Before 2.26
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 12.04
Ubuntu Linux
Version 12.10
Ubuntu Linux
Version 13.10
Ubuntu Linux
Version 14.04
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Opensuse
Version 12.3
Opensuse
Version 13.1
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 19

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (22)

Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
Mailing ListThird Party Advisory
Source: security@mozilla.org
Mailing ListThird Party Advisory
Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
Vendor Advisory
Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
Third Party AdvisoryVDB Entry
Source: security@mozilla.org
Third Party AdvisoryVDB Entry
Source: security@mozilla.org
Third Party Advisory
Source: security@mozilla.org
Issue TrackingPatchVendor Advisory
Source: security@mozilla.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.