Lucene search

[email protected]CVE-2014-8632

HistoryDec 11, 2014 - 11:59 a.m.

CVE-2014-8632

2014-12-1111:59:00

CWE-284

[email protected]

web.nvd.nist.gov

cve-2014-8632

mozilla firefox

seamonkey

remote attackers

dom object restrictions

xraywrapper

9 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

64.7%

JSON

The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle33.0
mozilla:seamonkeymozilla seamonkeyle2.30

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	33.0
mozilla:seamonkey	mozilla seamonkey	le	2.30

References

www.mozilla.org/security/announce/2014/mfsa2014-91.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

bugzilla.mozilla.org/show_bug.cgi?id=1050340

security.gentoo.org/glsa/201504-01

9 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

64.7%

JSON

Related for CVE-2014-8632

cvelist1 ubuntucve1 prion1 mozilla1 openvas7 archlinux1 mageia1 nessus5 securityvulns1 gentoo1