Published: 23/07/2014 Updated: 07/01/2017

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Mozilla Firefox prior to 31.0 and Thunderbird prior to 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote malicious users to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla thunderbird 24.6
mozilla thunderbird 24.5
mozilla thunderbird 24.4
mozilla firefox
mozilla thunderbird 24.1
mozilla thunderbird 24.1.1
mozilla thunderbird 24.0
mozilla thunderbird 24.0.1
mozilla thunderbird
mozilla thunderbird 24.2
mozilla thunderbird 24.3

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Several security issues were fixed in Thunderbird ...

Mozilla Foundation Security Advisory 2014-66 IFRAME sandbox same-origin access through redirect Announced July 22, 2014 Reporter Boris Zbarsky Impact Moderate Products Firefox, Thunderbird Fixed in ...

CWE-264 https://bugzilla.mozilla.org/show_bug.cgi?id=985135 http://www.mozilla.org/security/announce/2014/mfsa2014-66.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://security.gentoo.org/glsa/201504-01 http://www.securitytracker.com/id/1030620 http://www.securitytracker.com/id/1030619 http://secunia.com/advisories/60628 http://secunia.com/advisories/59760 https://nvd.nist.gov https://usn.ubuntu.com/2295-1/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-1552

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect