Launchpad.net

CVE 2014-1479

The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes.

Related bugs and status

CVE-2014-1479 (Candidate) is related to these bugs:

Bug #469752: firefox,3.5/3.6 startup-notification bug

		In	Importance	Status
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Ubuntu)	Medium	Invalid
469752	firefox,3.5/3.6 startup-notification bug	Mozilla Firefox	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Suse)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox (Ubuntu)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox (Ubuntu Lucid)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Ubuntu Lucid)	Medium	Invalid

Bug #1274468: Update to 27.0

Summary				In	Importance	Status
	1274468	Update to 27.0		firefox (Ubuntu)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
CONFIRM: https://bugzilla.mozil...
CONFIRM: https://8pecxstudios.c...
DEBIAN: DSA-2858
REDHAT: RHSA-2014:0132
REDHAT: RHSA-2014:0133
SUSE: SUSE-SU-2014:0248
UBUNTU: USN-2102-1
SECUNIA: 56706
SUSE: openSUSE-SU-2014:0212
SUSE: openSUSE-SU-2014:0213
UBUNTU: USN-2102-2
UBUNTU: USN-2119-1
FEDORA: FEDORA-2014-2041
FEDORA: FEDORA-2014-2083
SUSE: openSUSE-SU-2014:0419
CONFIRM: http://www.oracle.com/...
GENTOO: GLSA-201504-01
CONFIRM: http://download.novell...
CONFIRM: http://download.novell...
BID: 65320
OSVDB: 102866
SECTRACK: 1029717
SECTRACK: 1029720
SECTRACK: 1029721
SECUNIA: 56761
SECUNIA: 56763
SECUNIA: 56767
SECUNIA: 56787
SECUNIA: 56858
SECUNIA: 56888
SECUNIA: 56922
XF: firefox-cve20141479-se...