High severity7.5NVD Advisory· Published Feb 6, 2014· Updated Apr 29, 2026

CVE-2014-1481

Description

Mozilla Firefox before 27.0 and other Mozilla products allow remote attackers to bypass window object restrictions via inconsistent native getter methods across JavaScript engines.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Mozilla Firefox before 27.0 and other Mozilla products allow remote attackers to bypass window object restrictions via inconsistent native getter methods across JavaScript engines.

Vulnerability

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 contain a vulnerability that allows remote attackers to bypass intended restrictions on window objects. The issue arises from inconsistency in native getter methods across different JavaScript engines [1][3].

Exploitation

An attacker can exploit this vulnerability by crafting a malicious web page that triggers the inconsistency in native getter methods. The victim only needs to visit the page using an affected browser; no additional authentication or user interaction beyond normal browsing is required. The attacker can then bypass security checks on window objects.

Impact

Successful exploitation could allow the attacker to bypass security restrictions and potentially execute arbitrary code with the privileges of the user running the browser [1]. This could lead to full system compromise, including data theft and malware installation.

Mitigation

The vulnerability is fixed in Firefox 27.0, Firefox ESR 24.3, Thunderbird 24.3, and SeaMonkey 2.24. Users should update to these versions or later. Red Hat and Ubuntu have released security updates [1][3]. No workaround is available; updating is the recommended mitigation.

References

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Mozilla Corporation/Firefox3 versions
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <27.0
- (no CPE)range: <24.3
- (no CPE)range: <27.0
Mozilla Corporation/Seamonkey
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Range: <2.24
Mozilla Corporation/Thunderbird2 versions
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*range: <24.3
- (no CPE)range: <24.3
SUSE S.A./Linux Enterprise Software Development Kit
cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*
Canonical/Ubuntu Linux3 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Fedoraproject/Fedora2 versions
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
OpenSUSE/openSUSE3 versions
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop2 versions
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Eus2 versions
cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server2 versions
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Aus
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Tus
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation2 versions
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Desktop
cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Server2 versions
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:-:*:*+ 1 more
- cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:-:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
osv-coords3 versions
pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 2 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
- (no CPE)range: < 45.5.1-1.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.mozilla.org/show_bug.cginvdExploitIssue TrackingVendor Advisory
lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.htmlnvdMailing ListThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.htmlnvdMailing ListThird Party Advisory
rhn.redhat.com/errata/RHSA-2014-0132.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2014-0133.htmlnvdThird Party Advisory
www.debian.org/security/2014/dsa-2858nvdThird Party Advisory
www.mozilla.org/security/announce/2014/mfsa2014-13.htmlnvdVendor Advisory
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlnvdThird Party Advisory
www.securityfocus.com/bid/65326nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1029717nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1029720nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1029721nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-2102-1nvdThird Party Advisory
www.ubuntu.com/usn/USN-2102-2nvdThird Party Advisory
www.ubuntu.com/usn/USN-2119-1nvdThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/90883nvdThird Party AdvisoryVDB Entry
security.gentoo.org/glsa/201504-01nvdThird Party Advisory
download.novell.com/DownloadnvdBroken Link
download.novell.com/DownloadnvdBroken Link
osvdb.org/102863nvdBroken Link
secunia.com/advisories/56706nvdBroken Link
secunia.com/advisories/56761nvdBroken Link
secunia.com/advisories/56763nvdBroken Link
secunia.com/advisories/56767nvdBroken Link
secunia.com/advisories/56787nvdBroken Link
secunia.com/advisories/56858nvdBroken Link
secunia.com/advisories/56888nvdBroken Link
secunia.com/advisories/56922nvdBroken Link
8pecxstudios.comnvdBroken LinkURL Repurposed

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000