Unrated severityNVD Advisory· Published Dec 11, 2014· Updated May 6, 2026

CVE-2014-1589

Description

Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding.

Affected products

Mozilla Corporation/Firefox
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Range: <=33.0
Mozilla Corporation/Seamonkey
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Range: <=2.30

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.mozilla.org/security/announce/2014/mfsa2014-84.htmlnvdVendor Advisory
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlnvd
bugzilla.mozilla.org/show_bug.cginvd
security.gentoo.org/glsa/201504-01nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000