CVE-2014-1583

2014-10-1510:55:06

mozilla

web.nvd.nist.gov

cve-2014-1583

mozilla firefox

alarm api

same origin policy

json data

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

High

EPSS

0.007

Percentile

80.5%

JSON

The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm.

Affected configurations

Nvd

Node

mozillafirefoxRange≤32.0

mozillafirefoxMatch30.0

mozillafirefoxMatch31.0

mozillafirefoxMatch31.1.0

Node

mozillafirefox_esrMatch31.0

mozillafirefox_esrMatch31.1.0

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox30.0cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*
mozillafirefox31.0cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
mozillafirefox31.1.0cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*
mozillafirefox_esr31.0cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*
mozillafirefox_esr31.1.0cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	30.0	cpe:2.3:a:mozilla:firefox:30.0:::::::*
mozilla	firefox	31.0	cpe:2.3:a:mozilla:firefox:31.0:::::::*
mozilla	firefox	31.1.0	cpe:2.3:a:mozilla:firefox:31.1.0:::::::*
mozilla	firefox_esr	31.0	cpe:2.3:a:mozilla:firefox_esr:31.0:::::::*
mozilla	firefox_esr	31.1.0	cpe:2.3:a:mozilla:firefox_esr:31.1.0:::::::*