CVE-2014-1481
Summary
| CVE | CVE-2014-1481 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-02-06 05:44:00 UTC |
| Updated | 2020-08-11 13:14:00 UTC |
| Description | Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 13.10 | All | All | All |
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 19 | All | All | All |
| Operating System | Fedoraproject | Fedora | 20 | All | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Firefox Esr | All | All | All | All |
| Application | Mozilla | Seamonkey | All | All | All | All |
| Application | Mozilla | Thunderbird | All | All | All | All |
| Operating System | Opensuse | Opensuse | 11.4 | All | All | All |
| Operating System | Opensuse | Opensuse | 12.3 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 6.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 6.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 6.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 6.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Suse | Suse Linux Enterprise Desktop | 11 | sp3 | All | All |
| Operating System | Suse | Suse Linux Enterprise Server | 11 | sp3 | All | All |
| Application | Suse | Suse Linux Enterprise Software Development Kit | 11.0 | sp3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Advisory SA56761 - Red Hat update for firefox - Secunia | SECUNIA | secunia.com | Broken Link |
| Oracle Solaris Bulletin - April 2016 | CONFIRM | www.oracle.com | Third Party Advisory |
| Security Advisory SA56706 - Cyberfox Multiple Vulnerabilities - Secunia | SECUNIA | secunia.com | Broken Link |
| Debian -- Security Information -- DSA-2858-1 iceweasel | DEBIAN | www.debian.org | Third Party Advisory |
| Security Advisory SA56787 - Mozilla Firefox Multiple Vulnerabilities - Secunia | SECUNIA | secunia.com | Broken Link |
| Mozilla Thunderbird Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| [security-announce] openSUSE-SU-2014:0212-1: important: Mozilla Firefox | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 20 Update: thunderbird-24.3.0-1.fc20 | FEDORA | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| Security Advisory SA56858 - Debian update for iceweasel - Secunia | SECUNIA | secunia.com | Broken Link |
| Gentoo Security | GENTOO | security.gentoo.org | Third Party Advisory |
| 8pecxstudios.com | CONFIRM | 8pecxstudios.com | Broken Link |
| USN-2102-1: Firefox vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| Security Advisory SA56888 - Ubuntu update for firefox - Secunia | SECUNIA | secunia.com | Broken Link |
| 936056 – (CVE-2014-1481) Inconsistent this value when invoking getters on window | CONFIRM | bugzilla.mozilla.org | Exploit, Issue Tracking, Vendor Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | Third Party Advisory, VDB Entry |
| [SECURITY] Fedora 19 Update: thunderbird-24.3.0-1.fc19 | FEDORA | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| USN-2119-1: Thunderbird vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| Security Advisory SA56767 - Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities - Secunia | SECUNIA | secunia.com | Broken Link |
| Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| [security-announce] SUSE-SU-2014:0248-1: important: Security update for | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| Downloads | CONFIRM | download.novell.com | Broken Link |
| USN-2102-2: Firefox regression \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| [security-announce] openSUSE-SU-2014:0213-1: important: Mozilla updates | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| download.novell.com/Download | CONFIRM | download.novell.com | Broken Link |
| 102863 | OSVDB | osvdb.org | Broken Link |
| MFSA 2014-13: Inconsistent JavaScript handling of access to Window objects | CONFIRM | www.mozilla.org | Vendor Advisory |
| [security-announce] openSUSE-SU-2014:0419-1: important: Mozilla updates | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Security Advisory SA56763 - Red Hat update for thunderbird - Secunia | SECUNIA | secunia.com | Broken Link |
| Security Advisory SA56922 - SUSE update for Multiple Mozilla Packages - Secunia | SECUNIA | secunia.com | Broken Link |
| Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-1481 Security Bypass Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Mozilla Seamonkey Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.