CVE-2014-1524

CVE Database · CVE-2014-1524

CVE-2014-1524

· CRITICALModified

CVSS v3.1

9.8

EPSS

7.54%

Published

Apr 30, 2014

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-120

Affected Products (27)

mozilla · firefox (up to 29.0)vulnerable

mozilla · firefox (up to 24.5)vulnerable

mozilla · seamonkey (up to 2.26)vulnerable

mozilla · thunderbird (up to 24.5)vulnerable

canonical · ubuntu_linuxvulnerable