Lucene search

MozillaCVE-2014-1496

HistoryMar 19, 2014 - 10:55 a.m.

CVE-2014-1496

2014-03-1910:55:06

CWE-269

mozilla

web.nvd.nist.gov

cve-2014-1496

mozilla firefox

thunderbird

seamonkey

privilege escalation

local exploit

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

36.9%

JSON

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.

Affected configurations

Nvd

Node

mozillafirefoxRange<28.0

mozillafirefox_esrRange24.0–24.4

mozillaseamonkeyRange<2.25

mozillathunderbirdRange<24.4

Node

susesuse_linux_enterprise_software_development_kitMatch11.0sp3

susesuse_linux_enterprise_desktopMatch11sp3

susesuse_linux_enterprise_serverMatch11sp3

susesuse_linux_enterprise_serverMatch11sp3vmware

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox_esr*cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
mozillathunderbird*cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
susesuse_linux_enterprise_software_development_kit11.0cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*
susesuse_linux_enterprise_desktop11cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
susesuse_linux_enterprise_server11cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:*:*:*
susesuse_linux_enterprise_server11cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:vmware:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox_esr	*	cpe:2.3:a:mozilla:firefox_esr::::::::
mozilla	seamonkey	*	cpe:2.3:a:mozilla:seamonkey::::::::
mozilla	thunderbird	*	cpe:2.3:a:mozilla:thunderbird::::::::
suse	suse_linux_enterprise_software_development_kit	11.0	cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3::::::
suse	suse_linux_enterprise_desktop	11	cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3::::::
suse	suse_linux_enterprise_server	11	cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3::::::
suse	suse_linux_enterprise_server	11	cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3::::vmware::*