CVE-2014-1496

MEDIUM

Description

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.

References

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html

http://www.mozilla.org/security/announce/2014/mfsa2014-16.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

https://bugzilla.mozilla.org/show_bug.cgi?id=925747

https://security.gentoo.org/glsa/201504-01

Details

Source: MITRE

Published: 2014-03-19

Updated: 2016-12-22

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 6.9

Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM