PT-2014-1139 · Mozilla+4 · Seamonkey+7

Publicado

2014-02-04

·

Atualizado

2024-12-12

·

CVE-2014-1487

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 27.0 Mozilla Firefox ESR versions 24.x prior to 24.3 Mozilla Thunderbird versions prior to 24.3 Mozilla SeaMonkey versions prior to 2.24
Description The vulnerability is related to errors in the implementation of Web Workers technology, allowing remote attackers to bypass the Same Origin Policy (SOP) and obtain sensitive authentication information using error messages. This issue can be exploited by attackers to gain access to authentication data.
Recommendations For Mozilla Firefox versions prior to 27.0, update to version 27.0 or later. For Mozilla Firefox ESR versions 24.x prior to 24.3, update to version 24.3 or later. For Mozilla Thunderbird versions prior to 24.3, update to version 24.3 or later. For Mozilla SeaMonkey versions prior to 2.24, update to version 2.24 or later.

Exploit

Correção

Origin Validation Error

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-346CWE-255

Identificadores relacionados

ALT-PU-2014-1211
ALT-PU-2014-1212
ALT-PU-2014-1266
BDU:2014-00234
BDU:2014-00235
BDU:2014-00236
BDU:2014-00237
CESA-2014_0132
CESA-2014_0133
CVE-2014-1487
DSA-2858-1
MGASA-2014-0036
MGASA-2014-0048
OPENSUSE-SU-2014_0213-1
OPENSUSE-SU-2014_0419-1
OPENSUSE-SU-2014_1100-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:14572-1
RHSA-2014:0132
RHSA-2014:0133
RHSA-2014_0132
RHSA-2014_0133

Produtos afetados

Alt Linux
Centos
Firefox
Firefox Esr
Seamonkey
Thunderbird
Red Hat
Suse