CVE-2014-1589

Опубликовано: 02 дек. 2014

Источник: redhat

CVSS2: 4.3

Описание

Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding.

Отчет

This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	firefox	Not affected
Red Hat Enterprise Linux 5	thunderbird	Not affected
Red Hat Enterprise Linux 6	firefox	Not affected
Red Hat Enterprise Linux 6	thunderbird	Not affected
Red Hat Enterprise Linux 7	firefox	Not affected
Red Hat Enterprise Linux 7	thunderbird	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=1169205Mozilla: XBL bindings accessible via improper CSS declarations (MFSA 2014-84)

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2014-1589

ubuntu

около 11 лет назад

Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding.

CVE-2014-1589

nvd

около 11 лет назад

Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding.

CVE-2014-1589

debian

около 11 лет назад

Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide styleshe ...

GHSA-grpw-qvqh-xgxx

github

больше 3 лет назад

Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding.

4.3 Medium

CVSS2