CVE-2014-1483
First published: Thu Feb 06 2014(Updated: )
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Solaris SPARC | =11.3 | |
| Ubuntu Linux | =12.04 | |
| Ubuntu Linux | =12.10 | |
| Ubuntu Linux | =13.10 | |
| Mozilla Firefox | <27.0 | |
| Mozilla SeaMonkey | <2.24 | |
| SUSE Linux Enterprise Software Development Kit | =11.0-sp3 | |
| openSUSE | =11.4 | |
| openSUSE | =12.3 | |
| openSUSE | =13.1 | |
| SUSE Linux Enterprise Desktop with Beagle | =11-sp3 | |
| SUSE Linux Enterprise Server | =11-sp3 | |
| suse linux enterprise server vmware | =11-sp3 | |
| Ubuntu | =12.04 | |
| Ubuntu | =12.10 | |
| Ubuntu | =13.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
- http://osvdb.org/102869
- http://secunia.com/advisories/56706
- http://secunia.com/advisories/56767
- http://secunia.com/advisories/56787
- http://secunia.com/advisories/56888
- http://www.mozilla.org/security/announce/2014/mfsa2014-05.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/65316
- http://www.securitytracker.com/id/1029717
- http://www.securitytracker.com/id/1029720
- http://www.ubuntu.com/usn/USN-2102-1
- http://www.ubuntu.com/usn/USN-2102-2
- https://8pecxstudios.com/?page_id=44080
- https://bugzilla.mozilla.org/show_bug.cgi?id=950427
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90893
- https://security.gentoo.org/glsa/201504-01
Frequently Asked Questions
What is the severity of CVE-2014-1483?
CVE-2014-1483 is considered a medium severity vulnerability as it allows attackers to bypass the Same Origin Policy and access sensitive information.
How do I fix CVE-2014-1483?
To fix CVE-2014-1483, users should update Mozilla Firefox and SeaMonkey to versions 27.0 and 2.24 or later, respectively.
Which software versions are affected by CVE-2014-1483?
CVE-2014-1483 affects Mozilla Firefox versions prior to 27.0 and SeaMonkey versions prior to 2.24, along with certain versions of Ubuntu and openSUSE.
Can CVE-2014-1483 be exploited remotely?
Yes, CVE-2014-1483 can be exploited remotely, allowing attackers to leverage the vulnerability via crafted web content.
What is the primary impact of CVE-2014-1483?
The primary impact of CVE-2014-1483 is the potential exposure of sensitive information due to the bypass of the Same Origin Policy.
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/oracle
- canonical/oracle solaris sparc
- version/oracle solaris sparc/11.3
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/12.04
- version/ubuntu linux/12.10
- version/ubuntu linux/13.10
- vendor/mozilla
- canonical/mozilla firefox
- canonical/mozilla seamonkey
- vendor/suse
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/11.0-sp3
- vendor/opensuse
- canonical/opensuse
- version/opensuse/11.4
- version/opensuse/12.3
- version/opensuse/13.1
- canonical/suse linux enterprise desktop with beagle
- version/suse linux enterprise desktop with beagle/11-sp3
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp3
- canonical/suse linux enterprise server vmware
- version/suse linux enterprise server vmware/11-sp3
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/12.10
- version/ubuntu/13.10