CVE-2014-1502
First published: Wed Mar 19 2014(Updated: )
The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| openSUSE | =13.1 | |
| openSUSE | =11.4 | |
| openSUSE | =12.3 | |
| SUSE Linux Enterprise Desktop | =11-sp3 | |
| SUSE Linux Enterprise Server | =11-sp3 | |
| SUSE Linux Enterprise Server | =11-sp3 | |
| SUSE Linux Enterprise Software Development Kit | =11-sp3 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =11.3 | |
| Firefox | <28.0 | |
| Mozilla SeaMonkey | <2.25 | |
| =13.1 | ||
| =11.4 | ||
| =12.3 | ||
| =11-sp3 | ||
| =11-sp3 | ||
| =11-sp3 | ||
| =11-sp3 | ||
| =11.3 | ||
| <28.0 | ||
| <2.25 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html
- http://www.mozilla.org/security/announce/2014/mfsa2014-22.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=972622
- https://security.gentoo.org/glsa/201504-01
Frequently Asked Questions
What is the severity of CVE-2014-1502?
CVE-2014-1502 is considered a medium severity vulnerability that allows bypassing the Same Origin Policy.
How do I fix CVE-2014-1502?
To fix CVE-2014-1502, upgrade to Mozilla Firefox version 28.0 or later, or SeaMonkey version 2.25 or later.
Who is affected by CVE-2014-1502?
CVE-2014-1502 affects users of Mozilla Firefox versions before 28.0 and SeaMonkey versions before 2.25, along with specific versions of openSUSE and SUSE Linux Enterprise.
What is the impact of exploiting CVE-2014-1502?
Exploitation of CVE-2014-1502 could allow remote attackers to render content from a different domain, compromising web application security.
Are there any workarounds for CVE-2014-1502?
There are no known workarounds for CVE-2014-1502 other than updating the affected software to a fixed version.
- agent/references
- agent/type
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/opensuse
- canonical/opensuse
- version/opensuse/13.1
- vendor/opensuse project
- version/opensuse/11.4
- version/opensuse/12.3
- vendor/suse
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/11-sp3
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp3
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/11-sp3
- vendor/oracle
- canonical/oracle solaris and zettabyte file system (zfs)
- version/oracle solaris and zettabyte file system (zfs)/11.3
- vendor/mozilla
- canonical/firefox
- canonical/mozilla seamonkey