Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.
References
Link | Resource |
---|---|
http://www.mozilla.org/security/announce/2014/mfsa2014-16.html | Vendor Advisory |
https://bugzilla.mozilla.org/show_bug.cgi?id=925747 | Exploit Issue Tracking Vendor Advisory |
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html | Mailing List Third Party Advisory |
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | Third Party Advisory |
https://security.gentoo.org/glsa/201504-01 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2014-03-19 03:55
Updated : 2020-08-05 06:51
NVD link : CVE-2014-1496
Mitre link : CVE-2014-1496
JSON object : View
CWE
CWE-269
Improper Privilege Management
Products Affected
mozilla
- firefox_esr
- thunderbird
- firefox
- seamonkey
suse
- suse_linux_enterprise_desktop
- suse_linux_enterprise_software_development_kit
- suse_linux_enterprise_server