CVE-2014-1589

Published: Dec 11, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding.

Affected (2)

Products: Mozilla: Firefox, Seamonkey

Mozilla

2 products

Firefox

Seamonkey

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 33.0
Mozilla Seamonkey	Up to 2.30

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (8)

http://www.mozilla.org/security/announce/2014/mfsa2014-84.html

Source: security@mozilla.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1043787

Source: security@mozilla.org

https://security.gentoo.org/glsa/201504-01

Source: security@mozilla.org

http://www.mozilla.org/security/announce/2014/mfsa2014-84.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1043787

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201504-01

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.