First published: Wed Mar 19 2014(Updated: )
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
openSUSE | =13.1 | |
openSUSE | =11.4 | |
openSUSE | =12.3 | |
Oracle Solaris and Zettabyte File System (ZFS) | =11.3 | |
Firefox | <28.0 | |
Mozilla SeaMonkey | <2.25 | |
SUSE Linux Enterprise Desktop | =11-sp3 | |
SUSE Linux Enterprise Server | =11-sp3 | |
SUSE Linux Enterprise Server | =11-sp3 | |
SUSE Linux Enterprise Software Development Kit | =11-sp3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2014-1500 is classified as a moderate severity vulnerability due to its potential to cause denial of service.
To mitigate CVE-2014-1500, update Mozilla Firefox to version 28.0 or later and SeaMonkey to version 2.25 or later.
CVE-2014-1500 affects Mozilla Firefox versions prior to 28.0 and SeaMonkey versions prior to 2.25 on specific operating systems like openSUSE and Oracle Solaris.
CVE-2014-1500 can lead to resource consumption and application hangs, resulting in denial of service for users.
CVE-2014-1500 can be exploited by remote attackers through specially crafted onbeforeunload events to execute background JavaScript.