CVE-2014-1481

high-risk

Published 2014-02-06

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.

Do I need to act?

2.6% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Firefox

Seamonkey

Thunderbird

Suse Linux Enterprise Software Development Kit

Opensuse

Suse Linux Enterprise Desktop

Suse Linux Enterprise Server

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Debian Linux

Ubuntu Linux

Fedora

Affected Vendors

Suse Fedoraproject Canonical Opensuse Debian Redhat Mozilla

References (66)

Broken Link http://download.novell.com/Download?buildid=VYQsgaFpQ2k

Broken Link http://download.novell.com/Download?buildid=Y2fux-JW1Qc

Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.h...

Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.h...

Mailing List http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

Broken Link http://osvdb.org/102863

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2014-0132.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2014-0133.html

Broken Link http://secunia.com/advisories/56706

Broken Link http://secunia.com/advisories/56761

Broken Link http://secunia.com/advisories/56763

Broken Link http://secunia.com/advisories/56767

Broken Link http://secunia.com/advisories/56787

Broken Link http://secunia.com/advisories/56858

Broken Link http://secunia.com/advisories/56888

Broken Link http://secunia.com/advisories/56922

Third Party Advisory http://www.debian.org/security/2014/dsa-2858

and 46 more references

/ 100

high-risk

Severity 26/34 · High

Exploitability 6/34 · Minimal

Exposure 21/34 · High