6.8

CVE-2014-1502

EPSS 0.28%
Published 19.03.2014 10:55:06
Last modified 12.04.2025 10:46:40
Source security@mozilla.org
Teams watchlist Login
Open Login

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Opensuse ≫ Opensuse Version13.1

Opensuse Project ≫ Opensuse Version11.4

Opensuse Project ≫ Opensuse Version12.3

Suse ≫ Linux Enterprise Desktop Version11 Updatesp3

Suse ≫ Linux Enterprise Server Version11 Updatesp3

Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatformvmware

Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp3

Oracle ≫ Solaris Version11.3

Mozilla ≫ Firefox Version < 28.0

Mozilla ≫ Seamonkey Version < 2.25

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.28%	0.488

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Third Party Advisory

Mailing List

https://security.gentoo.org/glsa/201504-01

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html

Third Party Advisory

Mailing List

http://www.mozilla.org/security/announce/2014/mfsa2014-22.html

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=972622

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2014-1502

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-1502

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-1502

EUVD