Lucene search

K

MozillaCVELIST:CVE-2014-1504

HistoryMar 19, 2014 - 10:00 a.m.

CVE-2014-1504

2014-03-1910:00:00

mozilla

www.cve.org

6

AI Score

8.3

Confidence

High

EPSS

0.004

Percentile

73.6%

The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart.

References

lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html

lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html

www.mozilla.org/security/announce/2014/mfsa2014-23.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

bugzilla.mozilla.org/show_bug.cgi?id=911547

security.gentoo.org/glsa/201504-01

AI Score

8.3

Confidence

High

EPSS

0.004

Percentile

73.6%

Related for CVELIST:CVE-2014-1504

nvd1 openvas18 ubuntucve1 mozilla1 prion1 cve1 suse5 nessus9 ubuntu1 mageia1 freebsd1 securityvulns1 gentoo1 osv1