Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2014-1489

Published: 06/02/2014 Updated: 30/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Oracle

Vulnerability Summary

Mozilla Firefox prior to 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote malicious users to cause a denial of service (session restore) via a crafted web site.

Vulnerable Product Search on Vulmon Subscribe to Product

oracle solaris 11.3

suse linux enterprise software development kit 11

suse linux enterprise server 11

suse linux enterprise desktop 11

mozilla firefox 0.4

mozilla firefox 0.5

mozilla firefox 0.9

mozilla firefox 0.9.1

mozilla firefox 1.0.4

mozilla firefox 1.0.5

mozilla firefox 1.5.0.1

mozilla firefox 1.5.0.10

mozilla firefox 1.5.0.6

mozilla firefox 1.5.0.7

mozilla firefox

mozilla firefox 0.1

mozilla firefox 0.6

mozilla firefox 0.6.1

mozilla firefox 0.9.2

mozilla firefox 0.9.3

mozilla firefox 1.0.6

mozilla firefox 1.0.7

mozilla firefox 1.5.0.11

mozilla firefox 1.5.0.12

mozilla firefox 1.5.0.8

mozilla firefox 1.5.0.9

mozilla firefox 1.5.1

mozilla firefox 1.5.8

mozilla firefox 2.0

mozilla firefox 2.0.0.15

mozilla firefox 2.0.0.16

mozilla firefox 2.0.0.5

mozilla firefox 2.0.0.6

mozilla firefox 0.2

mozilla firefox 0.3

mozilla firefox 0.8

mozilla firefox 1.0.2

mozilla firefox 1.0.3

mozilla firefox 1.5

mozilla firefox 1.5.0.4

mozilla firefox 1.5.0.5

mozilla firefox 1.5.4

mozilla firefox 1.5.5

mozilla firefox 2.0.0.11

mozilla firefox 2.0.0.12

mozilla firefox 2.0.0.19

mozilla firefox 2.0.0.2

mozilla firefox 2.0.0.9

mozilla firefox 3.0.19

mozilla firefox 3.0.13

mozilla firefox 3.0.14

mozilla firefox 3.0.5

mozilla firefox 3.0.6

mozilla firefox 3.5

mozilla firefox 3.5.1

mozilla firefox 3.5.2

mozilla firefox 3.5.3

mozilla firefox 3.6.28

mozilla firefox 3.6.27

mozilla firefox 3.6.26

mozilla firefox 3.6.15

mozilla firefox 3.6.16

mozilla firefox 3.6.22

mozilla firefox 3.6.23

mozilla firefox 3.6.9

mozilla firefox 4.0.1

mozilla firefox 4.0

mozilla firefox 5.0

mozilla firefox 6.0

mozilla firefox 9.0

mozilla firefox 10.0

mozilla firefox 10.0.8

mozilla firefox 10.0.7

mozilla firefox 12.0

mozilla firefox 13.0.1

mozilla firefox 16.0.2

mozilla firefox 17.0.11

mozilla firefox 17.0.4

mozilla firefox 0.10

mozilla firefox 0.10.1

mozilla firefox 0.7

mozilla firefox 0.7.1

mozilla firefox 1.0

mozilla firefox 1.0.1

mozilla firefox 1.0.8

mozilla firefox 1.5.0.2

mozilla firefox 1.5.0.3

mozilla firefox 1.5.2

mozilla firefox 1.5.3

mozilla firefox 2.0.0.1

mozilla firefox 2.0.0.10

mozilla firefox 2.0.0.17

mozilla firefox 2.0.0.18

mozilla firefox 2.0.0.7

mozilla firefox 2.0.0.8

mozilla firefox 3.0.11

mozilla firefox 3.0.12

mozilla firefox 3.0.3

mozilla firefox 3.0.4

mozilla firefox 3.5.18

mozilla firefox 3.5.19

mozilla firefox 3.5.14

mozilla firefox 3.5.15

mozilla firefox 3.5.8

mozilla firefox 3.5.9

mozilla firefox 3.6.13

mozilla firefox 3.6.14

mozilla firefox 3.6.20

mozilla firefox 3.6.21

mozilla firefox 3.6.6

mozilla firefox 3.6.7

mozilla firefox 3.6.8

mozilla firefox 5.0.1

mozilla firefox 8.0

mozilla firefox 9.0.1

mozilla firefox 10.0.10

mozilla firefox 10.0.9

mozilla firefox 11.0

mozilla firefox 16.0

mozilla firefox 16.0.1

mozilla firefox 17.0.6

mozilla firefox 17.0.5

mozilla firefox 19.0.2

mozilla firefox 19.0.1

mozilla firefox 23.0

mozilla firefox 24.1

mozilla firefox 3.0.1

mozilla firefox 3.0.10

mozilla firefox 3.0.17

mozilla firefox 3.0.2

mozilla firefox 3.5.16

mozilla firefox 3.5.17

mozilla firefox 3.5.12

mozilla firefox 3.5.13

mozilla firefox 3.5.6

mozilla firefox 3.5.7

mozilla firefox 3.6.11

mozilla firefox 3.6.12

mozilla firefox 3.6.19

mozilla firefox 3.6.2

mozilla firefox 3.6.3

mozilla firefox 3.6.4

mozilla firefox 7.0.1

mozilla firefox 7.0

mozilla firefox 8.0.1

mozilla firefox 10.0.12

mozilla firefox 10.0.11

mozilla firefox 10.0.4

mozilla firefox 10.0.3

mozilla firefox 15.0

mozilla firefox 15.0.1

mozilla firefox 17.0.8

mozilla firefox 17.0.7

mozilla firefox 18.0.1

mozilla firefox 18.0

mozilla firefox 24.1.1

mozilla firefox 23.0.1

mozilla firefox 17.0.3

mozilla firefox 19.0

mozilla firefox 20.0.1

mozilla firefox 24.0

mozilla firefox 25.0

mozilla firefox 1.5.6

mozilla firefox 1.5.7

mozilla firefox 2.0.0.13

mozilla firefox 2.0.0.14

mozilla firefox 2.0.0.20

mozilla firefox 2.0.0.3

mozilla firefox 2.0.0.4

mozilla firefox 3.0.18

mozilla firefox 3.0

mozilla firefox 3.0.15

mozilla firefox 3.0.16

mozilla firefox 3.0.7

mozilla firefox 3.0.8

mozilla firefox 3.0.9

mozilla firefox 3.5.10

mozilla firefox 3.5.11

mozilla firefox 3.5.4

mozilla firefox 3.5.5

mozilla firefox 3.6

mozilla firefox 3.6.10

mozilla firefox 3.6.17

mozilla firefox 3.6.18

mozilla firefox 3.6.24

mozilla firefox 3.6.25

mozilla firefox 6.0.1

mozilla firefox 6.0.2

mozilla firefox 10.0.1

mozilla firefox 10.0.2

mozilla firefox 10.0.6

mozilla firefox 10.0.5

mozilla firefox 13.0

mozilla firefox 14.0

mozilla firefox 14.0.1

mozilla firefox 17.0.10

mozilla firefox 17.0.9

mozilla firefox 17.0.2

mozilla firefox 18.0.2

mozilla firefox 20.0

mozilla firefox 21.0

mozilla firefox 25.0.1

opensuse project opensuse 12.3

opensuse opensuse 13.1

canonical ubuntu linux 13.10

canonical ubuntu linux 12.10

canonical ubuntu linux 12.04

Vendor Advisories

Ubuntu Security Notice: firefox vulnerabilities
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Ubuntu Security Notice: firefox regression
USN-2102-1 introduced a regression in Firefox ...
Mozilla: Firefox default start page UI content invokable by script
Mozilla Foundation Security Advisory 2014-10 Firefox default start page UI content invokable by script Announced February 4, 2014 Reporter Yazan Tommalieh Impact Low Products Firefox Fixed in ...
Red Hat: CVE-2014-1489
Mozilla Firefox before 270 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site ...

References

CWE-264http://www.mozilla.org/security/announce/2014/mfsa2014-10.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=959531http://www.ubuntu.com/usn/USN-2102-1http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.htmlhttp://www.ubuntu.com/usn/USN-2102-2http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlhttps://security.gentoo.org/glsa/201504-01https://exchange.xforce.ibmcloud.com/vulnerabilities/90888http://www.securitytracker.com/id/1029717http://www.securityfocus.com/bid/65329http://secunia.com/advisories/56888http://osvdb.org/102874https://nvd.nist.govhttps://usn.ubuntu.com/2102-1/https://access.redhat.com/security/cve/cve-2014-1489
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook