CVE-2014-1499

EUVD-2014-1575
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
mozillaseamonkey
𝑥
< 2.25
oraclesolaris
11.3
mozillafirefox
𝑥
< 28.0
opensuseopensuse
13.1
opensuse_projectopensuse
11.4
opensuse_projectopensuse
12.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
lucid
ignored
precise
Fixed 28.0+build2-0ubuntu0.12.04.1
released
quantal
Fixed 28.0+build2-0ubuntu0.12.10.1
released
saucy
Fixed 28.0+build2-0ubuntu0.13.10.1
released
References
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html
http://www.mozilla.org/security/announce/2014/mfsa2014-19.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://bugzilla.mozilla.org/show_bug.cgi?id=961512
https://security.gentoo.org/glsa/201504-01
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html
http://www.mozilla.org/security/announce/2014/mfsa2014-19.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://bugzilla.mozilla.org/show_bug.cgi?id=961512
https://security.gentoo.org/glsa/201504-01