Vulnerability Details : CVE-2014-1483
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.
Products affected by CVE-2014-1483
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
- cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1483
0.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 48 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-1483
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-1483
-
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1483
-
http://secunia.com/advisories/56706
Sign inBroken Link
-
http://secunia.com/advisories/56888
Sign inBroken Link
-
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html
[security-announce] SUSE-SU-2014:0248-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
[security-announce] openSUSE-SU-2014:0419-1: important: Mozilla updatesMailing List;Third Party Advisory
-
https://8pecxstudios.com/?page_id=44080
Broken Link;URL Repurposed
-
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Oracle Solaris Bulletin - April 2016Third Party Advisory
-
http://osvdb.org/102869
Broken Link
-
https://bugzilla.mozilla.org/show_bug.cgi?id=950427
950427 - (CVE-2014-1483) caretPositionFromPoint and elementFromPoint leak information about iframe contents via timing informationIssue Tracking;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html
[security-announce] openSUSE-SU-2014:0212-1: important: Mozilla FirefoxMailing List;Third Party Advisory
-
http://secunia.com/advisories/56787
Sign inBroken Link
-
http://www.securitytracker.com/id/1029717
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
-
https://security.gentoo.org/glsa/201504-01
Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo securityThird Party Advisory
-
http://www.ubuntu.com/usn/USN-2102-2
USN-2102-2: Firefox regression | Ubuntu security noticesThird Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/90893
Mozilla Firefox and SeaMonkey document.caretPositionFromPoint information disclosure CVE-2014-1483 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/65316
Mozilla Firefox/SeaMonkey CVE-2014-1483 Multiple Information Disclosure VulnerabilitiesThird Party Advisory;VDB Entry
-
http://www.ubuntu.com/usn/USN-2102-1
USN-2102-1: Firefox vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://secunia.com/advisories/56767
Sign inBroken Link
-
http://www.securitytracker.com/id/1029720
Mozilla Seamonkey Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.mozilla.org/security/announce/2014/mfsa2014-05.html
Information disclosure with *FromPoint on iframes — MozillaVendor Advisory
Jump to