Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox, Firefox ESR, Thunderbird, and SeaMonkey

Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox, Firefox ESR, Thunderbird, and SeaMonkey

CVE-2014-1530 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.

Learn more about our Web App Pen Testing.