Unrated severityNVD Advisory· Published Dec 11, 2014· Updated Jun 17, 2026
CVE-2014-1590
CVE-2014-1590
Description
The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=31.2
- (no CPE)range: <34.0
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*range: <=31.2
- (no CPE)range: <31.3
- osv-coords3 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 2 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
- (no CPE)range: < 45.5.1-1.1
Patches
Vulnerability mechanics
References
9- www.mozilla.org/security/announce/2014/mfsa2014-85.htmlnvdVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.htmlnvd
- www.debian.org/security/2014/dsa-3090nvd
- www.debian.org/security/2014/dsa-3092nvd
- www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlnvd
- www.securityfocus.com/bid/71397nvd
- bugzilla.mozilla.org/show_bug.cginvd
- security.gentoo.org/glsa/201504-01nvd
News mentions
0No linked articles in our index yet.