The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:04
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html - | |
References | () http://www.debian.org/security/2014/dsa-3090 - | |
References | () http://www.debian.org/security/2014/dsa-3092 - | |
References | () http://www.mozilla.org/security/announce/2014/mfsa2014-85.html - Vendor Advisory | |
References | () http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html - | |
References | () http://www.securityfocus.com/bid/71397 - | |
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=1087633 - | |
References | () https://security.gentoo.org/glsa/201504-01 - |
Information
Published : 2014-12-11 11:59
Updated : 2024-11-21 02:04
NVD link : CVE-2014-1590
Mitre link : CVE-2014-1590
CVE.ORG link : CVE-2014-1590
JSON object : View
Products Affected
mozilla
- firefox
- thunderbird
- seamonkey
- firefox_esr
CWE
CWE-20
Improper Input Validation