CVE-2014-1496

CVE Database · CVE-2014-1496

CVE-2014-1496

· MEDIUMModified

CVSS v3.1

5.5

EPSS

0.38%

Published

Mar 19, 2014

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Weaknesses (CWE)

CWE-269

Affected Products (8)

mozilla · firefox (up to 28.0)vulnerable

mozilla · firefox (up to 24.4)vulnerable

mozilla · seamonkey (up to 2.25)vulnerable

mozilla · thunderbird (up to 24.4)vulnerable

suse · suse_linux_enterprise_software_development_kitvulnerable

suse · suse_linux_enterprise_desktopvulnerable

suse · suse_linux_enterprise_servervulnerable

References (10)

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html

Mailing ListThird Party Advisory

http://www.mozilla.org/security/announce/2014/mfsa2014-16.html

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Third Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=925747

ExploitIssue TrackingVendor Advisory

https://security.gentoo.org/glsa/201504-01

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html

KEV Catalog EPSS Scores Vendors All CVEs