CVE-2014-1510

CVE Database · CVE-2014-1510

CVE-2014-1510

· CRITICALModified

CVSS v3.1

9.8

EPSS

82.34%

Published

Mar 19, 2014

Modified

May 6, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMozilla Firefox - WebIDL Privileged JavaScript Injection (Metasploit)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-269

Affected Products (26)

mozilla · firefox (up to 28.0)vulnerable

mozilla · firefox (up to 24.4)vulnerable

mozilla · seamonkey (up to 2.25)vulnerable

mozilla · thunderbird (up to 24.4)vulnerable

canonical · ubuntu_linuxvulnerable

debian · debian_linuxvulnerable