Vulnerability Details : CVE-2014-1499
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.
Exploit prediction scoring system (EPSS) score for CVE-2014-1499
Probability of exploitation activity in the next 30 days: 0.60%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 76 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-1499
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
References for CVE-2014-1499
-
https://bugzilla.mozilla.org/show_bug.cgi?id=961512
961512 - (CVE-2014-1499) WebRTC permission prompt can show the wrong domain name, potentially making it possible for the page to spoof the domain name the access to the webcam/mic is requested fromIssue Tracking;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
[security-announce] openSUSE-SU-2014:0419-1: important: Mozilla updatesMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html
[security-announce] openSUSE-SU-2014:0584-1: important: MozillaThunderbiMailing List;Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Oracle Solaris Bulletin - April 2016Third Party Advisory
-
https://security.gentoo.org/glsa/201504-01
Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo securityThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
[security-announce] SUSE-SU-2014:0418-1: important: Security update forMailing List;Third Party Advisory
-
http://www.mozilla.org/security/announce/2014/mfsa2014-19.html
Spoofing attack on WebRTC permission prompt — MozillaVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html
[security-announce] openSUSE-SU-2014:0448-1: important: MozillaFirefox:Mailing List;Third Party Advisory
Products affected by CVE-2014-1499
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse_project:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse_project:opensuse:12.3:*:*:*:*:*:*:*