CVE-2014-1496

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
mozillaCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
mozillafirefox
𝑥
< 28.0
mozillafirefox_esr
24.0 ≤
𝑥
< 24.4
mozillaseamonkey
𝑥
< 2.25
mozillathunderbird
𝑥
< 24.4
susesuse_linux_enterprise_software_development_kit
11.0:sp3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
saucy
not-affected
quantal
not-affected
precise
not-affected
lucid
ignored
thunderbird
saucy
not-affected
quantal
not-affected
precise
not-affected
lucid
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
http://www.mozilla.org/security/announce/2014/mfsa2014-16.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://bugzilla.mozilla.org/show_bug.cgi?id=925747
https://security.gentoo.org/glsa/201504-01
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
http://www.mozilla.org/security/announce/2014/mfsa2014-16.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://bugzilla.mozilla.org/show_bug.cgi?id=925747
https://security.gentoo.org/glsa/201504-01