CVE-2014-1496

EUVD-2014-1572
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
𝑥
< 28.0
mozillafirefox
24.0 ≤
𝑥
< 24.4
mozillaseamonkey
𝑥
< 2.25
mozillathunderbird
𝑥
< 24.4
susesuse_linux_enterprise_software_development_kit
11.0:sp3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
lucid
ignored
precise
not-affected
quantal
not-affected
saucy
not-affected
thunderbird
lucid
ignored
precise
not-affected
quantal
not-affected
saucy
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
http://www.mozilla.org/security/announce/2014/mfsa2014-16.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://bugzilla.mozilla.org/show_bug.cgi?id=925747
https://security.gentoo.org/glsa/201504-01
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
http://www.mozilla.org/security/announce/2014/mfsa2014-16.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://bugzilla.mozilla.org/show_bug.cgi?id=925747
https://security.gentoo.org/glsa/201504-01