CVE-2014-1511

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	*	28.0 (excluding)
Firefox_esr	Mozilla	24.0 (including)	24.4 (excluding)
Seamonkey	Mozilla	*	2.25 (excluding)
Thunderbird	Mozilla	*	24.4 (excluding)

Potential Mitigations

https://cwe.mitre.org/data/definitions/122.html
https://cwe.mitre.org/data/definitions/233.html
https://cwe.mitre.org/data/definitions/58.html

References

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html
http://rhn.redhat.com/errata/RHSA-2014-0310.html
http://rhn.redhat.com/errata/RHSA-2014-0316.html
http://www.debian.org/security/2014/dsa-2881
http://www.debian.org/security/2014/dsa-2911
http://www.mozilla.org/security/announce/2014/mfsa2014-29.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/66207
http://www.ubuntu.com/usn/USN-2151-1
https://bugzilla.mozilla.org/show_bug.cgi?id=982909
https://security.gentoo.org/glsa/201504-01

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-1511
CWE	https://cwe.mitre.org/data/definitions/269.html

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References