CVE-2014-1485

CVE Database · CVE-2014-1485

CVE-2014-1485

· N/AModified

CVSS v3.1

N/A

EPSS

3.00%

Published

Feb 6, 2014

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.

Affected Products (13)

mozilla · firefox (up to 27.0)vulnerable

mozilla · seamonkey (up to 2.24)vulnerable

oracle · solarisvulnerable

canonical · ubuntu_linuxvulnerable

opensuse · opensusevulnerable

suse · linux_enterprise_desktop

References (20)

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html

Mailing ListThird Party Advisory