Published: 11/12/2014 Updated: 22/12/2016

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Mozilla Firefox prior to 34.0 and SeaMonkey prior to 2.31 provide stylesheets with an incorrect primary namespace, which allows remote malicious users to bypass intended access restrictions via an XBL binding.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox
mozilla seamonkey

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Mozilla Foundation Security Advisory 2014-84 XBL bindings accessible via improper CSS declarations Announced December 2, 2014 Reporter Cody Crews Impact Moderate Products Firefox, SeaMonkey Fixed in ...

CWE-284 https://bugzilla.mozilla.org/show_bug.cgi?id=1043787 http://www.mozilla.org/security/announce/2014/mfsa2014-84.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://security.gentoo.org/glsa/201504-01 https://usn.ubuntu.com/2424-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-1589

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect