CVE-2014-1530
30.04.2014, 10:49
The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 𝑥 < 29.0 |
| mozilla | firefox | 24.0 ≤ 𝑥 < 24.5 |
| mozilla | seamonkey | 𝑥 < 2.26 |
| mozilla | thunderbird | 𝑥 < 24.5 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 12.10 |
| canonical | ubuntu_linux | 13.10 |
| canonical | ubuntu_linux | 14.04 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_eus | 6.5 |
| redhat | enterprise_linux_server | 5.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server_aus | 6.5 |
| redhat | enterprise_linux_server_eus | 6.5 |
| redhat | enterprise_linux_server_tus | 6.5 |
| redhat | enterprise_linux_workstation | 5.0 |
| redhat | enterprise_linux_workstation | 6.0 |
| opensuse | opensuse | 11.4 |
| opensuse | opensuse | 12.3 |
| opensuse | opensuse | 13.1 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||
| thunderbird |
|
References