1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
PublicDateAtUSN: 2014-02-04
Candidate: CVE-2014-1481
PublicDate: 2014-02-06
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1481
https://rhn.redhat.com/errata/RHSA-2014-0132.html
http://www.mozilla.org/security/announce/2014/mfsa2014-13.html
http://www.ubuntu.com/usn/usn-2102-1
http://www.ubuntu.com/usn/usn-2119-1
Description:
Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird
before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass
intended restrictions on window objects by leveraging inconsistency in
native getter methods across different JavaScript engines.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: chrisccoulson
Patches_firefox:
upstream_firefox: released (27.0)
lucid_firefox: ignored (reached end-of-life)
precise_firefox: released (27.0+build1-0ubuntu0.12.04.1)
quantal_firefox: released (27.0+build1-0ubuntu0.12.10.1)
saucy_firefox: released (27.0+build1-0ubuntu0.13.10.1)
devel_firefox: not-affected
Patches_thunderbird:
Priority_thunderbird: low
upstream_thunderbird: released (24.3.0)
lucid_thunderbird: ignored (reached end-of-life)
precise_thunderbird: released (1:24.3.0+build2-0ubuntu0.12.04.1)
quantal_thunderbird: released (1:24.3.0+build2-0ubuntu0.12.10.1)
saucy_thunderbird: released (1:24.3.0+build2-0ubuntu0.13.10.1)
devel_thunderbird: released (1:24.4.0+build1-0ubuntu1)
|