Unrated severityNVD Advisory· Published Feb 6, 2014· Updated Jun 17, 2026
CVE-2014-1485
CVE-2014-1485
Description
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
17cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <27.0
- (no CPE)range: <27.0
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*range: <2.24
- (no CPE)range: <2.24
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
Patches
Vulnerability mechanics
References
19- lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.htmlnvdMailing ListThird Party Advisory
- www.mozilla.org/security/announce/2014/mfsa2014-07.htmlnvdVendor Advisory
- www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/65322nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1029717nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1029720nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-2102-1nvdThird Party Advisory
- www.ubuntu.com/usn/USN-2102-2nvdThird Party Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/90891nvdThird Party AdvisoryVDB Entry
- security.gentoo.org/glsa/201504-01nvdThird Party Advisory
- osvdb.org/102871nvdBroken Link
- secunia.com/advisories/56706nvdBroken Link
- secunia.com/advisories/56767nvdBroken Link
- secunia.com/advisories/56787nvdBroken Link
- secunia.com/advisories/56888nvdBroken Link
- 8pecxstudios.comnvdBroken LinkURL Repurposed
News mentions
0No linked articles in our index yet.