Lucene search

[email protected]NVD:CVE-2014-8632

HistoryDec 11, 2014 - 11:59 a.m.

CVE-2014-8632

2014-12-1111:59:13

CWE-284

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

64.9%

JSON

The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.

Affected configurations

Nvd

Node

mozillafirefoxRange≤33.0

mozillaseamonkeyRange≤2.30

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	seamonkey	*	cpe:2.3:a:mozilla:seamonkey::::::::

References

www.mozilla.org/security/announce/2014/mfsa2014-91.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

bugzilla.mozilla.org/show_bug.cgi?id=1050340

security.gentoo.org/glsa/201504-01

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

64.9%

JSON

Related for NVD:CVE-2014-8632

cvelist1 ubuntucve1 cve1 prion1 mozilla1 openvas7 mageia1 nessus5 archlinux1 securityvulns1 gentoo1