CVE-2014-1496
First published: Wed Mar 19 2014(Updated: )
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <28.0 | |
| Firefox ESR | >=24.0<24.4 | |
| Mozilla SeaMonkey | <2.25 | |
| Thunderbird | <24.4 | |
| SUSE Linux Enterprise Software Development Kit | =11.0-sp3 | |
| SUSE Linux Enterprise Desktop | =11-sp3 | |
| SUSE Linux Enterprise Server | =11-sp3 | |
| SUSE Linux Enterprise Server | =11-sp3 | |
| <28.0 | ||
| >=24.0<24.4 | ||
| <2.25 | ||
| <24.4 | ||
| =11.0-sp3 | ||
| =11-sp3 | ||
| =11-sp3 | ||
| =11-sp3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
- http://www.mozilla.org/security/announce/2014/mfsa2014-16.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=925747
- https://security.gentoo.org/glsa/201504-01
Frequently Asked Questions
What is the severity of CVE-2014-1496?
CVE-2014-1496 is considered to have a medium severity level allowing local users to gain privileges.
How do I fix CVE-2014-1496?
To fix CVE-2014-1496, update Mozilla Firefox to version 28.0 or later, and update Thunderbird, SeaMonkey, and Firefox ESR to their respective patched versions.
Who is affected by CVE-2014-1496?
CVE-2014-1496 affects users of Mozilla Firefox before version 28.0, Firefox ESR versions, Thunderbird before 24.4, and SeaMonkey before 2.25.
What type of vulnerability is CVE-2014-1496?
CVE-2014-1496 is a local privilege escalation vulnerability that can be exploited during the update process of affected software.
Is there a workaround for CVE-2014-1496?
There are no known effective workarounds for CVE-2014-1496, and the best course of action is to apply the necessary software updates.
- agent/type
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/mozilla
- canonical/firefox
- canonical/firefox esr
- version/firefox esr/24.0
- canonical/mozilla seamonkey
- canonical/thunderbird
- vendor/suse
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/11.0-sp3
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/11-sp3
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp3