What is CVE-2014-1510?

CVE-2014-1510 is a critical-severity vulnerability in Mozilla Firefox, classified under Improper Privilege Management. CVSS score: 9.8/10. Published 2014-03-19.

How severe is CVE-2014-1510?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2014-1510 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Privilege escalation in Mozilla Firefox

CVE-2014-1510

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL…

Vulnerability class: Privilege Escalation

EPSS: 0.711 (98.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Canonical Ubuntu_linux — versions 12.04, 12.10, 13.10
Debian Debian_linux — versions 7.0, 8.0
Opensuse — versions 11.4, 12.3, 13.1
Redhat Enterprise_linux_desktop — versions 5.0, 6.0
Redhat Enterprise_linux_eus — versions 6.5
Redhat Enterprise_linux_server — versions 5.0, 6.0
Redhat Enterprise_linux_server_aus — versions 6.5

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

Public proof-of-concept exploits

rapid7/metasploit-framework

References

RHSA-2014:0310 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
DSA-2911 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
GLSA-201504-01 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
SUSE-SU-2014:0418 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
security@mozilla.org (x_refsource_CONFIRM, Third Party Advisory)
USN-2151-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
66206 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
DSA-2881 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
security@mozilla.org (x_refsource_CONFIRM, Exploit, Issue Tracking, Vendor Advisory)
openSUSE-SU-2014:0419 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2014-1510?: CVE-2014-1510 is a critical-severity vulnerability in Mozilla Firefox, classified under Improper Privilege Management. CVSS score: 9.8/10. Published 2014-03-19.
How severe is CVE-2014-1510?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2014-1510 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.