Description
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.
References (8)
Core 8
Core References
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2014/mfsa2014-19.html
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=961512
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201504-01
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html
Scores
EPSS
0.0061
EPSS Percentile
70.0%
Details
Status
published
Products (9)
mozilla/firefox
< 28.0
mozilla/seamonkey
< 2.25
opensuse/opensuse
13.1
opensuse_project/opensuse
11.4
opensuse_project/opensuse
12.3
oracle/solaris
11.3
suse/linux_enterprise_desktop
11 sp3
suse/linux_enterprise_server
11 sp3 (2 CPE variants)
suse/linux_enterprise_software_development_kit
11 sp3
Published
Mar 19, 2014
Tracked Since
Feb 18, 2026