CVE-2014-1483 — MEDIUM (5.0)

Q: How severe is CVE-2014-1483?

CVE-2014-1483 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-1483?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Solaris, Canonical Ubuntu Linux, Mozilla Firefox, Mozilla Seamonkey, Suse Suse Linux Enterprise Software Development Kit.

Vulnerability Description

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Oracle	Solaris	11.3
Canonical	Ubuntu Linux	12.04
Mozilla	Firefox	< 27.0
Mozilla	Seamonkey	< 2.24
Suse	Suse Linux Enterprise Software Development Kit	11.0
Opensuse	Opensuse	11.4
Suse	Linux Enterprise Desktop	11
Suse	Linux Enterprise Server	11

Related Weaknesses (CWE)

CWE-1021

References

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.htmlMailing ListThird Party Advisory
http://osvdb.org/102869Broken Link
http://secunia.com/advisories/56706Broken Link
http://secunia.com/advisories/56767Broken Link
http://secunia.com/advisories/56787Broken Link
http://secunia.com/advisories/56888Broken Link
http://www.mozilla.org/security/announce/2014/mfsa2014-05.htmlVendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
http://www.securityfocus.com/bid/65316Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1029717Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1029720Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-2102-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2102-2Third Party Advisory

FAQ

What is CVE-2014-1483?

CVE-2014-1483 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain ti...

How severe is CVE-2014-1483?

CVE-2014-1483 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-1483?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Solaris, Canonical Ubuntu Linux, Mozilla Firefox, Mozilla Seamonkey, Suse Suse Linux Enterprise Software Development Kit.