CVE-2014-1504 vulnerability in Mozilla and Other Products
Published on March 19, 2014

The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2014-1504

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2014-1504 are published in these products:

Mozilla Firefox

Mozilla SeaMonkey

OpenSuse

Oracle Solaris

Suse Linux Enterprise Desktop

Suse Linux Enterprise Sdk

Suse Linux Enterprise Server

Exploit Probability

EPSS

0.61%

Percentile

69.23%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2014-1504 vulnerability in Mozilla and Other ProductsPublished on March 19, 2014

Products Associated with CVE-2014-1504

Exploit Probability

CVE-2014-1504 vulnerability in Mozilla and Other Products
Published on March 19, 2014