6.8

CVE-2014-1502

EPSS 0.28%
Veröffentlicht 19.03.2014 10:55:06
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle security@mozilla.org
CVE-Watchlists
Login
Unerledigt
Login

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Opensuse ≫ Opensuse Version13.1

Opensuse Project ≫ Opensuse Version11.4

Opensuse Project ≫ Opensuse Version12.3

Suse ≫ Linux Enterprise Desktop Version11 Updatesp3

Suse ≫ Linux Enterprise Server Version11 Updatesp3

Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatformvmware

Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp3

Oracle ≫ Solaris Version11.3

Mozilla ≫ Firefox Version < 28.0

Mozilla ≫ Seamonkey Version < 2.25

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.488

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Third Party Advisory

Mailing List

https://security.gentoo.org/glsa/201504-01

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html

Third Party Advisory

Mailing List

http://www.mozilla.org/security/announce/2014/mfsa2014-22.html

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=972622

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2014-1502

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-1502

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-1502

EUVD