CVE-2014-1487

HIGH

Firefox < 27.0 - Origin Validation Error via Web Workers Error Messages

Title source: llm
STIX 2.1

Description

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.

References (33)

Core 33
Core References
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2119-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029721
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html
Exploit, Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=947592
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029717
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/65330
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90889
Broken Link, URL Repurposed x_refsource_confirm
https://8pecxstudios.com/?page_id=44080
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0132.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56922
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56787
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029720
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56858
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2858
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56763
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2102-2
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/102873
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0133.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201504-01
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56888
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56761
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2102-1
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56767
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56706

Scores

CVSS v3 7.5
EPSS 0.0061
EPSS Percentile 70.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-346
Status published
Products (25)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
canonical/ubuntu_linux 13.10
debian/debian_linux 7.0
fedoraproject/fedora 19
fedoraproject/fedora 20
mozilla/firefox < 27.0
mozilla/seamonkey < 2.24
mozilla/thunderbird < 24.3
opensuse/opensuse 11.4
... and 15 more
Published Feb 06, 2014
Tracked Since Feb 18, 2026