Vulnerability in Mozilla Firefox
CVE-2014-1499
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.
EPSS: 0.006 (70.2th percentile) — read the EPSS interpretation.
Affected products
- Mozilla Firefox
- Mozilla Seamonkey
- Opensuse_project Opensuse — versions 11.4, 12.3
- Oracle Solaris — versions 11.3
- Opensuse — versions 13.1
- Suse Linux_enterprise_desktop — versions 11
- Suse Linux_enterprise_server — versions 11
- Suse Linux_enterprise_software_development_kit — versions 11
- N/a — versions n/a
References
- security@mozilla.org (x_refsource_CONFIRM, Vendor Advisory)
- security@mozilla.org (x_refsource_CONFIRM, Issue Tracking, Vendor Advisory)
- GLSA-201504-01 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
- SUSE-SU-2014:0418 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- security@mozilla.org (x_refsource_CONFIRM, Third Party Advisory)
- openSUSE-SU-2014:0419 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- openSUSE-SU-2014:0584 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- openSUSE-SU-2014:0448 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)