CVE-2014-1502

Opensuse < 28.0 - Origin Validation Error

Title source: rule

Description

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.

References (8)

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html

[Vendor Advisory] http://www.mozilla.org/security/announce/2014/mfsa2014-22.html

[Mailing List, Third Party Advisory] http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

[Issue Tracking, Vendor Advisory] https://bugzilla.mozilla.org/show_bug.cgi?id=972622

[Third Party Advisory] https://security.gentoo.org/glsa/201504-01

Scores

EPSS 0.0028

EPSS Percentile 51.4%

Classification

CWE

CWE-346

Status draft

Affected Products (10)

opensuse/opensuse

opensuse_project/opensuse

opensuse_project/opensuse

suse/linux_enterprise_desktop

suse/linux_enterprise_server

suse/linux_enterprise_server

suse/linux_enterprise_software_development_kit

oracle/solaris

mozilla/firefox < 28.0

mozilla/seamonkey < 2.25

Timeline

Published Mar 19, 2014

Tracked Since Feb 18, 2026