Detections
Analytics
CVE-2014-1585
medium
Description
The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive information from the local camera by maintaining a session after the user tries to discontinue streaming.
References
https://security.gentoo.org/glsa/201504-01
https://bugzilla.mozilla.org/show_bug.cgi?id=1062876
http://www.ubuntu.com/usn/USN-2373-1
http://www.ubuntu.com/usn/USN-2372-1
http://www.securitytracker.com/id/1031030
http://www.securitytracker.com/id/1031028
http://www.securityfocus.com/bid/70425
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.mozilla.org/security/announce/2014/mfsa2014-81.html
http://www.debian.org/security/2014/dsa-3061
http://www.debian.org/security/2014/dsa-3050
http://secunia.com/advisories/62023
http://secunia.com/advisories/62022
http://secunia.com/advisories/62021
http://secunia.com/advisories/61387
http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html
http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html
http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html
http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html