CVE-2014-1483

2014-02-0605:44:00

CWE-1021

[email protected]

web.nvd.nist.gov

cve-2014-1483

same origin policy

firefox

seamonkey

information security

vulnerability

nvd

8.9 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

55.2%

JSON

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.

CPENameOperatorVersion
oracle:solarisoracle solariseq11.3
canonical:ubuntu_linuxcanonical ubuntu linuxeq13.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
mozilla:seamonkeymozilla seamonkeylt2.24
mozilla:firefoxmozilla firefoxlt27.0
suse:linux_enterprise_desktopsuse linux enterprise desktopeq11
suse:linux_enterprise_serversuse linux enterprise servereq11
opensuse:opensuseopensuseeq12.3
suse:suse_linux_enterprise_software_development_kitsuse suse linux enterprise software development kiteq11.0

CPE	Name	Operator	Version
oracle:solaris	oracle solaris	eq	11.3
canonical:ubuntu_linux	canonical ubuntu linux	eq	13.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
mozilla:seamonkey	mozilla seamonkey	lt	2.24
mozilla:firefox	mozilla firefox	lt	27.0
suse:linux_enterprise_desktop	suse linux enterprise desktop	eq	11
suse:linux_enterprise_server	suse linux enterprise server	eq	11
opensuse:opensuse	opensuse	eq	12.3
suse:suse_linux_enterprise_software_development_kit	suse suse linux enterprise software development kit	eq	11.0