Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2014-1530

Опубликовано: 30 апр. 2014
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 6.1

Описание

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.

РелизСтатусПримечание
devel

not-affected

29.0+build1-0ubuntu0.14.04.2
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [29.0+build1-0ubuntu0.14.04.2]]
lucid

ignored

end of life
precise

released

29.0+build1-0ubuntu0.12.04.2
quantal

released

29.0+build1-0ubuntu0.12.10.3
saucy

released

29.0+build1-0ubuntu0.13.10.3
trusty

released

29.0+build1-0ubuntu0.14.04.2
trusty/esm

DNE

trusty was released [29.0+build1-0ubuntu0.14.04.2]
upstream

released

29.0

Показывать по

РелизСтатусПримечание
devel

not-affected

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [1:24.5.0+build1-0ubuntu0.14.04.1]]
lucid

ignored

end of life
precise

released

1:24.5.0+build1-0ubuntu0.12.04.1
quantal

released

1:24.5.0+build1-0ubuntu0.12.10.1
saucy

released

1:24.5.0+build1-0ubuntu0.13.10.1
trusty

released

1:24.5.0+build1-0ubuntu0.14.04.1
trusty/esm

DNE

trusty was released [1:24.5.0+build1-0ubuntu0.14.04.1]
upstream

released

24.5.0

Показывать по

EPSS

Процентиль: 72%
0.00756
Низкий

4.3 Medium

CVSS2

6.1 Medium

CVSS3

Связанные уязвимости

redhat
больше 11 лет назад

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.

CVSS3: 6.1
nvd
больше 11 лет назад

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.

CVSS3: 6.1
debian
больше 11 лет назад

The docshell implementation in Mozilla Firefox before 29.0, Firefox ES ...

CVSS3: 6.1
github
около 3 лет назад

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.

fstec
больше 11 лет назад

Уязвимость программного пакета SeaMonkey, позволяющая удаленному злоумышленнику выполнить произвольный код

EPSS

Процентиль: 72%
0.00756
Низкий

4.3 Medium

CVSS2

6.1 Medium

CVSS3