CVE-2014-1499

high

Description

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.

References

Advisories
More

https://security.gentoo.org/glsa/201504-01

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html

https://bugzilla.mozilla.org/show_bug.cgi?id=961512

http://www.mozilla.org/security/announce/2014/mfsa2014-19.html

Details

Source: Mitre, NVD

Published: 2014-03-19

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

EPSS

EPSS: 0.00611

Detections

Analytics