CVE-2014-1526

2014-04-3010:49:00

CWE-269

[email protected]

web.nvd.nist.gov

cve-2014-1526

xraywrapper

mozilla firefox

seamonkey

remote attackers

access restrictions

dom methods

8.9 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.4%

JSON

The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxlt29.0
mozilla:seamonkeymozilla seamonkeylt2.26
canonical:ubuntu_linuxcanonical ubuntu linuxeq13.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
opensuse:opensuseopensuseeq12.3
opensuse:opensuseopensuseeq13.1
fedoraproject:fedorafedoraproject fedoraeq19

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	lt	29.0
mozilla:seamonkey	mozilla seamonkey	lt	2.26
canonical:ubuntu_linux	canonical ubuntu linux	eq	13.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
opensuse:opensuse	opensuse	eq	12.3
opensuse:opensuse	opensuse	eq	13.1
fedoraproject:fedora	fedoraproject fedora	eq	19