CVE-2014-1589

medium

Description

Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding.

References

http://www.mozilla.org/security/announce/2014/mfsa2014-84.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1043787

https://security.gentoo.org/glsa/201504-01

Details

Source: MITRE

Published: 2014-12-11

Updated: 2016-12-22

Type: CWE-284

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM