CVE-2014-1499

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mozillaCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
mozillaseamonkey
𝑥
< 2.25
oraclesolaris
11.3
mozillafirefox
𝑥
< 28.0
opensuseopensuse
13.1
opensuse_projectopensuse
11.4
opensuse_projectopensuse
12.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
saucy
Fixed 28.0+build2-0ubuntu0.13.10.1
released
quantal
Fixed 28.0+build2-0ubuntu0.12.10.1
released
precise
Fixed 28.0+build2-0ubuntu0.12.04.1
released
lucid
ignored
References
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html
http://www.mozilla.org/security/announce/2014/mfsa2014-19.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://bugzilla.mozilla.org/show_bug.cgi?id=961512
https://security.gentoo.org/glsa/201504-01
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html
http://www.mozilla.org/security/announce/2014/mfsa2014-19.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://bugzilla.mozilla.org/show_bug.cgi?id=961512
https://security.gentoo.org/glsa/201504-01