Lucene search

[email protected]CVE-2014-1489

HistoryFeb 06, 2014 - 5:44 a.m.

CVE-2014-1489

2014-02-0605:44:25

CWE-264

[email protected]

web.nvd.nist.gov

cve-2014-1489

mozilla firefox

about:home

access restriction

denial of service

session restore

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

8.7 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.3%

JSON

Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.

Affected configurations

NVD

Node

oraclesolarisMatch11.3

Node

suselinux_enterprise_desktopMatch11sp3

suselinux_enterprise_serverMatch11sp3

suselinux_enterprise_serverMatch11sp3vmware

suselinux_enterprise_software_development_kitMatch11sp3

Node

mozillafirefoxRange≤26.0

mozillafirefoxMatch0.1

mozillafirefoxMatch0.2

mozillafirefoxMatch0.3

mozillafirefoxMatch0.4

mozillafirefoxMatch0.5

mozillafirefoxMatch0.6

mozillafirefoxMatch0.6.1

mozillafirefoxMatch0.7

mozillafirefoxMatch0.7.1

mozillafirefoxMatch0.8

mozillafirefoxMatch0.9

mozillafirefoxMatch0.9rc

mozillafirefoxMatch0.9.1

mozillafirefoxMatch0.9.2

mozillafirefoxMatch0.9.3

mozillafirefoxMatch0.10

mozillafirefoxMatch0.10.1

mozillafirefoxMatch1.0

mozillafirefoxMatch1.0preview_release

mozillafirefoxMatch1.0.1

mozillafirefoxMatch1.0.2

mozillafirefoxMatch1.0.3

mozillafirefoxMatch1.0.4

mozillafirefoxMatch1.0.5

mozillafirefoxMatch1.0.6

mozillafirefoxMatch1.0.7

mozillafirefoxMatch1.0.8

mozillafirefoxMatch1.5

mozillafirefoxMatch1.5beta1

mozillafirefoxMatch1.5beta2

mozillafirefoxMatch1.5.0.1

mozillafirefoxMatch1.5.0.2

mozillafirefoxMatch1.5.0.3

mozillafirefoxMatch1.5.0.4

mozillafirefoxMatch1.5.0.5

mozillafirefoxMatch1.5.0.6

mozillafirefoxMatch1.5.0.7

mozillafirefoxMatch1.5.0.8

mozillafirefoxMatch1.5.0.9

mozillafirefoxMatch1.5.0.10

mozillafirefoxMatch1.5.0.11

mozillafirefoxMatch1.5.0.12

mozillafirefoxMatch1.5.1

mozillafirefoxMatch1.5.2

mozillafirefoxMatch1.5.3

mozillafirefoxMatch1.5.4

mozillafirefoxMatch1.5.5

mozillafirefoxMatch1.5.6

mozillafirefoxMatch1.5.7

mozillafirefoxMatch1.5.8

mozillafirefoxMatch2.0

mozillafirefoxMatch2.0.0.1

mozillafirefoxMatch2.0.0.2

mozillafirefoxMatch2.0.0.3

mozillafirefoxMatch2.0.0.4

mozillafirefoxMatch2.0.0.5

mozillafirefoxMatch2.0.0.6

mozillafirefoxMatch2.0.0.7

mozillafirefoxMatch2.0.0.8

mozillafirefoxMatch2.0.0.9

mozillafirefoxMatch2.0.0.10

mozillafirefoxMatch2.0.0.11

mozillafirefoxMatch2.0.0.12

mozillafirefoxMatch2.0.0.13

mozillafirefoxMatch2.0.0.14

mozillafirefoxMatch2.0.0.15

mozillafirefoxMatch2.0.0.16

mozillafirefoxMatch2.0.0.17

mozillafirefoxMatch2.0.0.18

mozillafirefoxMatch2.0.0.19

mozillafirefoxMatch2.0.0.20

mozillafirefoxMatch3.0

mozillafirefoxMatch3.0.1

mozillafirefoxMatch3.0.2

mozillafirefoxMatch3.0.3

mozillafirefoxMatch3.0.4

mozillafirefoxMatch3.0.5

mozillafirefoxMatch3.0.6

mozillafirefoxMatch3.0.7

mozillafirefoxMatch3.0.8

mozillafirefoxMatch3.0.9

mozillafirefoxMatch3.0.10

mozillafirefoxMatch3.0.11

mozillafirefoxMatch3.0.12

mozillafirefoxMatch3.0.13

mozillafirefoxMatch3.0.14

mozillafirefoxMatch3.0.15

mozillafirefoxMatch3.0.16

mozillafirefoxMatch3.0.17

mozillafirefoxMatch3.0.18

mozillafirefoxMatch3.0.19

mozillafirefoxMatch3.5

mozillafirefoxMatch3.5.1

mozillafirefoxMatch3.5.2

mozillafirefoxMatch3.5.3

mozillafirefoxMatch3.5.4

mozillafirefoxMatch3.5.5

mozillafirefoxMatch3.5.6

mozillafirefoxMatch3.5.7

mozillafirefoxMatch3.5.8

mozillafirefoxMatch3.5.9

mozillafirefoxMatch3.5.10

mozillafirefoxMatch3.5.11

mozillafirefoxMatch3.5.12

mozillafirefoxMatch3.5.13

mozillafirefoxMatch3.5.14

mozillafirefoxMatch3.5.15

mozillafirefoxMatch3.5.16

mozillafirefoxMatch3.5.17

mozillafirefoxMatch3.5.18

mozillafirefoxMatch3.5.19

mozillafirefoxMatch3.6

mozillafirefoxMatch3.6.2

mozillafirefoxMatch3.6.3

mozillafirefoxMatch3.6.4

mozillafirefoxMatch3.6.6

mozillafirefoxMatch3.6.7

mozillafirefoxMatch3.6.8

mozillafirefoxMatch3.6.9

mozillafirefoxMatch3.6.10

mozillafirefoxMatch3.6.11

mozillafirefoxMatch3.6.12

mozillafirefoxMatch3.6.13

mozillafirefoxMatch3.6.14

mozillafirefoxMatch3.6.15

mozillafirefoxMatch3.6.16

mozillafirefoxMatch3.6.17

mozillafirefoxMatch3.6.18

mozillafirefoxMatch3.6.19

mozillafirefoxMatch3.6.20

mozillafirefoxMatch3.6.21

mozillafirefoxMatch3.6.22

mozillafirefoxMatch3.6.23

mozillafirefoxMatch3.6.24

mozillafirefoxMatch3.6.25

mozillafirefoxMatch3.6.26

mozillafirefoxMatch3.6.27

mozillafirefoxMatch3.6.28

mozillafirefoxMatch4.0

mozillafirefoxMatch4.0beta1

mozillafirefoxMatch4.0beta10

mozillafirefoxMatch4.0beta11

mozillafirefoxMatch4.0beta12

mozillafirefoxMatch4.0beta2

mozillafirefoxMatch4.0beta3

mozillafirefoxMatch4.0beta4

mozillafirefoxMatch4.0beta5

mozillafirefoxMatch4.0beta6

mozillafirefoxMatch4.0beta7

mozillafirefoxMatch4.0beta8

mozillafirefoxMatch4.0beta9

mozillafirefoxMatch4.0.1

mozillafirefoxMatch5.0

mozillafirefoxMatch5.0.1

mozillafirefoxMatch6.0

mozillafirefoxMatch6.0.1

mozillafirefoxMatch6.0.2

mozillafirefoxMatch7.0

mozillafirefoxMatch7.0.1

mozillafirefoxMatch8.0

mozillafirefoxMatch8.0.1

mozillafirefoxMatch9.0

mozillafirefoxMatch9.0.1

mozillafirefoxMatch10.0

mozillafirefoxMatch10.0.1

mozillafirefoxMatch10.0.2

mozillafirefoxMatch10.0.3

mozillafirefoxMatch10.0.4

mozillafirefoxMatch10.0.5

mozillafirefoxMatch10.0.6

mozillafirefoxMatch10.0.7

mozillafirefoxMatch10.0.8

mozillafirefoxMatch10.0.9

mozillafirefoxMatch10.0.10

mozillafirefoxMatch10.0.11

mozillafirefoxMatch10.0.12

mozillafirefoxMatch11.0

mozillafirefoxMatch12.0

mozillafirefoxMatch12.0beta6

mozillafirefoxMatch13.0

mozillafirefoxMatch13.0.1

mozillafirefoxMatch14.0

mozillafirefoxMatch14.0.1

mozillafirefoxMatch15.0

mozillafirefoxMatch15.0.1

mozillafirefoxMatch16.0

mozillafirefoxMatch16.0.1

mozillafirefoxMatch16.0.2

mozillafirefoxMatch17.0.2

mozillafirefoxMatch17.0.3

mozillafirefoxMatch17.0.4

mozillafirefoxMatch17.0.5

mozillafirefoxMatch17.0.6

mozillafirefoxMatch17.0.7

mozillafirefoxMatch17.0.8

mozillafirefoxMatch17.0.9

mozillafirefoxMatch17.0.10

mozillafirefoxMatch17.0.11

mozillafirefoxMatch18.0

mozillafirefoxMatch18.0.1

mozillafirefoxMatch18.0.2

mozillafirefoxMatch19.0

mozillafirefoxMatch19.0.1

mozillafirefoxMatch19.0.2

mozillafirefoxMatch20.0

mozillafirefoxMatch20.0.1

mozillafirefoxMatch21.0

mozillafirefoxMatch23.0

mozillafirefoxMatch23.0.1

mozillafirefoxMatch24.0

mozillafirefoxMatch24.1

mozillafirefoxMatch24.1.1

mozillafirefoxMatch25.0

mozillafirefoxMatch25.0.1

Node

opensuseopensuseMatch13.1

opensuse_projectopensuseMatch12.3

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.10

CPENameOperatorVersion
oracle:solarisoracle solariseq11.3

CPE	Name	Operator	Version
oracle:solaris	oracle solaris	eq	11.3

References

lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html

lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html

osvdb.org/102874

secunia.com/advisories/56888

www.mozilla.org/security/announce/2014/mfsa2014-10.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securityfocus.com/bid/65329

www.securitytracker.com/id/1029717

www.ubuntu.com/usn/USN-2102-1

www.ubuntu.com/usn/USN-2102-2

bugzilla.mozilla.org/show_bug.cgi?id=959531

exchange.xforce.ibmcloud.com/vulnerabilities/90888

security.gentoo.org/glsa/201504-01

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

8.7 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.3%

JSON

Related for CVE-2014-1489

prion1 mozilla1 cvelist1 ubuntucve1 openvas15 nvd1 nessus10 ubuntu2 suse4 freebsd1 securityvulns1 gentoo1