PT-2014-1158 · Mozilla+2 · Firefox+3

Publicado

2014-02-04

Atualizado

2024-12-12

CVE-2014-1483

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 27.0 SeaMonkey versions prior to 2.24

Description The issue allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions. This can be exploited to gain access to confidential information.

Recommendations For Mozilla Firefox versions prior to 27.0, update to version 27.0 or later to resolve the issue. For SeaMonkey versions prior to 2.24, update to version 2.24 or later to resolve the issue. As a temporary workaround, consider restricting the use of the document.caretPositionFromPoint and document.elementFromPoint functions until a patch is available.

Exploit

Correção

Information Disclosure

Clickjacking

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-1021

Identificadores relacionados

ALT-PU-2014-1211

ALT-PU-2014-1266

BDU:2014-00274

BDU:2014-00275

CVE-2014-1483

MGASA-2014-0048

OPENSUSE-SU-2014_0419-1

OPENSUSE-SU-2014_1100-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:14572-1

Produtos afetados

Alt Linux

Firefox

Seamonkey

Suse

PT-2014-1158 · Mozilla+2 · Firefox+3

CVE-2014-1483

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3115