Namespace Misconfiguration in Mozilla Firefox and SeaMonkey
CVE-2014-1589

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Seamonkey
Vendor: CVE Published:; 11 December 2014

Summary

Mozilla Firefox versions prior to 34.0 and SeaMonkey prior to 2.31 contain a flaw in the handling of stylesheets that leads to an incorrect primary namespace. This misconfiguration can be exploited by remote attackers to bypass intended access restrictions, potentially exposing sensitive information or functionality within the affected browsers. The vulnerability is associated with XBL bindings, which may be misused to execute unauthorized actions.

References

http://www.mozilla.org/security/announce/2014/mfsa2014-84...

x_refsource_CONFIRM

https://security.gentoo.org/glsa/201504-01

vendor-advisoryx_refsource_GENTOO

http://www.oracle.com/technetwork/topics/security/bulleti...

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 11, 2014
Vulnerability Reserved
Jan 16, 2014