Lucene search

[email protected]CVE-2014-1496

HistoryMar 19, 2014 - 10:55 a.m.

CVE-2014-1496

2014-03-1910:55:06

CWE-269

[email protected]

web.nvd.nist.gov

cve-2014-1496

mozilla firefox

thunderbird

seamonkey

privilege escalation

local exploit

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.9%

JSON

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.

Affected configurations

NVD

Node

mozillafirefoxRange<28.0

mozillafirefox_esrRange24.0–24.4

mozillaseamonkeyRange<2.25

mozillathunderbirdRange<24.4

Node

susesuse_linux_enterprise_software_development_kitMatch11.0sp3

susesuse_linux_enterprise_desktopMatch11sp3

susesuse_linux_enterprise_serverMatch11sp3

susesuse_linux_enterprise_serverMatch11sp3vmware

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxlt28.0
mozilla:firefox_esrmozilla firefox esrlt24.4
mozilla:seamonkeymozilla seamonkeylt2.25
mozilla:thunderbirdmozilla thunderbirdlt24.4

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	lt	28.0
mozilla:firefox_esr	mozilla firefox esr	lt	24.4
mozilla:seamonkey	mozilla seamonkey	lt	2.25
mozilla:thunderbird	mozilla thunderbird	lt	24.4