CVE-2014-1590

CVE Database · CVE-2014-1590

CVE-2014-1590

· N/AModified

CVSS v3.1

N/A

EPSS

1.68%

Published

Dec 11, 2014

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object.

Weaknesses (CWE)

CWE-20

Affected Products (4)

mozilla · firefoxvulnerable

mozilla · seamonkeyvulnerable

mozilla · thunderbirdvulnerable

References (18)

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

http://www.debian.org/security/2014/dsa-3090

http://www.debian.org/security/2014/dsa-3092

http://www.mozilla.org/security/announce/2014/mfsa2014-85.html