← Retour aux CVEs
CVE-2014-1524
CRITICAL9.8
Description
The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie4/30/2014
Derniere modification11/25/2025
Sourcenvd
Observations honeypot0
Produits affectes
canonical:ubuntu_linuxdebian:debian_linuxfedoraproject:fedoramozilla:firefoxmozilla:seamonkeymozilla:thunderbirdopensuse:opensuseredhat:enterprise_linux_desktopredhat:enterprise_linux_eusredhat:enterprise_linux_serverredhat:enterprise_linux_server_ausredhat:enterprise_linux_server_eusredhat:enterprise_linux_server_tusredhat:enterprise_linux_workstationsuse:suse_linux_enterprise_server
Faiblesses (CWE)
CWE-120
References
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html(security@mozilla.org)
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html(security@mozilla.org)
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html(security@mozilla.org)
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html(security@mozilla.org)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html(security@mozilla.org)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html(security@mozilla.org)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html(security@mozilla.org)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00040.html(security@mozilla.org)
http://rhn.redhat.com/errata/RHSA-2014-0448.html(security@mozilla.org)
http://rhn.redhat.com/errata/RHSA-2014-0449.html(security@mozilla.org)
http://secunia.com/advisories/59866(security@mozilla.org)
http://www.debian.org/security/2014/dsa-2918(security@mozilla.org)
http://www.debian.org/security/2014/dsa-2924(security@mozilla.org)
http://www.mozilla.org/security/announce/2014/mfsa2014-38.html(security@mozilla.org)
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html(security@mozilla.org)
http://www.securityfocus.com/bid/67131(security@mozilla.org)
http://www.securitytracker.com/id/1030163(security@mozilla.org)
http://www.securitytracker.com/id/1030164(security@mozilla.org)
http://www.securitytracker.com/id/1030165(security@mozilla.org)
http://www.ubuntu.com/usn/USN-2185-1(security@mozilla.org)
http://www.ubuntu.com/usn/USN-2189-1(security@mozilla.org)
https://bugzilla.mozilla.org/show_bug.cgi?id=989183(security@mozilla.org)
https://security.gentoo.org/glsa/201504-01(security@mozilla.org)
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00040.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2014-0448.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2014-0449.html(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/59866(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2014/dsa-2918(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2014/dsa-2924(af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2014/mfsa2014-38.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/67131(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1030163(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1030164(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1030165(af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2185-1(af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2189-1(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=989183(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201504-01(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.