CVE-2014-1483

high

Description

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.

References

https://security.gentoo.org/glsa/201504-01

https://exchange.xforce.ibmcloud.com/vulnerabilities/90893

https://bugzilla.mozilla.org/show_bug.cgi?id=950427

http://www.ubuntu.com/usn/USN-2102-2

http://www.ubuntu.com/usn/USN-2102-1

http://www.securitytracker.com/id/1029720

http://www.securitytracker.com/id/1029717

http://www.securityfocus.com/bid/65316

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.mozilla.org/security/announce/2014/mfsa2014-05.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html

Details

Source: Mitre, NVD

Published: 2014-02-06

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High