CVSS 5.5 · MEDIUM
CVE-2014-1496
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.
View on NVDSeverity
Score: 5.5(MEDIUM)
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NAV: LOCAL
AC: LOW
PR: NONE
UI: REQUIRED
S: UNCHANGED
C: NONE
I: HIGH
A: NONE
Weakness (CWE):
CWE-269EPSS
Probability of exploitation (next 30 days): 0.0006 (0.1%)
Percentile: 19.5%
EPSS: 2026-05-06
Affects
mozilla:firefoxmozilla:seamonkeymozilla:thunderbirdsuse:suse_linux_enterprise_software_development_kitsuse:suse_linux_enterprise_desktopsuse:suse_linux_enterprise_serverTechnical description
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.
Published: 3/19/2014, 10:55:06 AM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
- http://www.mozilla.org/security/announce/2014/mfsa2014-16.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=925747
- https://security.gentoo.org/glsa/201504-01
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
- http://www.mozilla.org/security/announce/2014/mfsa2014-16.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html