CVE-2014-1529

Priority
Medium
Description
The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x
before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows
remote attackers to bypass intended source-component restrictions and
execute arbitrary JavaScript code in a privileged context via a crafted web
page for which Notification.permission is granted.
References
Assigned-to
chrisccoulson
Package
Upstream:released (24.5.0)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (1:24.5.0+build1-0ubuntu0.12.04.1)
Ubuntu 12.10 (Quantal Quetzal):released (1:24.5.0+build1-0ubuntu0.12.10.1)
Ubuntu 13.10 (Saucy Salamander):released (1:24.5.0+build1-0ubuntu0.13.10.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:24.5.0+build1-0ubuntu0.14.04.1)
Ubuntu 14.10 (Utopic Unicorn):not-affected
Package
Upstream:released (29.0)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (29.0+build1-0ubuntu0.12.04.2)
Ubuntu 12.10 (Quantal Quetzal):released (29.0+build1-0ubuntu0.12.10.3)
Ubuntu 13.10 (Saucy Salamander):released (29.0+build1-0ubuntu0.13.10.3)
Ubuntu 14.04 LTS (Trusty Tahr):released (29.0+build1-0ubuntu0.14.04.2)
Ubuntu 14.10 (Utopic Unicorn):not-affected (29.0+build1-0ubuntu0.14.04.2)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-05-05 17:14:36 UTC (commit 8014)