CVE-2014-1487

MEDIUM

Description

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.

ID	Name	Product	Family	Severity
82632	GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
75253	openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2014:0212-1)	Nessus	SuSE Local Security Checks	critical
72752	Fedora 19 : thunderbird-24.3.0-1.fc19 (2014-2083)	Nessus	Fedora Local Security Checks	critical
72599	Ubuntu 12.04 LTS / 12.10 / 13.10 : thunderbird vulnerabilities (USN-2119-1)	Nessus	Ubuntu Local Security Checks	critical
72598	Ubuntu 12.04 LTS / 12.10 / 13.10 : firefox regression (USN-2102-2)	Nessus	Ubuntu Local Security Checks	critical
72554	SuSE 11.3 Security Update : MozillaFirefox (SAT Patch Number 8879)	Nessus	SuSE Local Security Checks	critical
72438	Debian DSA-2858-1 : iceweasel - several vulnerabilities	Nessus	Debian Local Security Checks	critical
72425	Ubuntu 12.04 LTS / 12.10 / 13.10 : firefox vulnerabilities (USN-2102-1)	Nessus	Ubuntu Local Security Checks	critical
72380	Fedora 20 : thunderbird-24.3.0-1.fc20 (2014-2041)	Nessus	Fedora Local Security Checks	critical
72351	CentOS 5 / 6 : thunderbird (CESA-2014:0133)	Nessus	CentOS Local Security Checks	critical
72350	CentOS 5 / 6 : firefox (CESA-2014:0132)	Nessus	CentOS Local Security Checks	critical
72333	SeaMonkey < 2.24 Multiple Vulnerabilities	Nessus	Windows	critical
72332	Mozilla Thunderbird < 24.3 Multiple Vulnerabilities	Nessus	Windows	critical
72331	Firefox < 27.0 Multiple Vulnerabilities	Nessus	Windows	critical
72330	Firefox ESR 24.x < 24.3 Multiple Vulnerabilities	Nessus	Windows	critical
72329	Thunderbird < 24.3 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
72328	Firefox < 27.0 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
72327	Firefox ESR 24.x < 24.3 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
72323	Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
72322	Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
72318	RHEL 5 / 6 : thunderbird (RHSA-2014:0133)	Nessus	Red Hat Local Security Checks	critical
72317	RHEL 5 / 6 : firefox (RHSA-2014:0132)	Nessus	Red Hat Local Security Checks	critical
72316	Oracle Linux 6 : thunderbird (ELSA-2014-0133)	Nessus	Oracle Linux Local Security Checks	critical
72315	Oracle Linux 5 / 6 : firefox (ELSA-2014-0132)	Nessus	Oracle Linux Local Security Checks	critical
72312	FreeBSD : mozilla -- multiple vulnerabilities (1753f0ff-8dd5-11e3-9b45-b4b52fce4ce8)	Nessus	FreeBSD Local Security Checks	critical
8100	Mozilla Thunderbird < 24.3 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	medium
8099	SeaMonkey < 2.24 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
8098	Mozilla Firefox < 27.0 / Firefox ESR 24.x < 24.3 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high

CVE-2014-1487

Description

References

Details

Risk Information

CVSS v2.0