PT-2014-1158 · Mozilla+2 · Firefox+3

Published

2014-02-04

Updated

2024-12-12

CVE-2014-1483

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 27.0 SeaMonkey versions prior to 2.24

Description The issue allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions. This can be exploited to gain access to confidential information.

Recommendations For Mozilla Firefox versions prior to 27.0, update to version 27.0 or later to resolve the issue. For SeaMonkey versions prior to 2.24, update to version 2.24 or later to resolve the issue. As a temporary workaround, consider restricting the use of the document.caretPositionFromPoint and document.elementFromPoint functions until a patch is available.

Exploit

Fix

Information Disclosure

Clickjacking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-1021

Related Identifiers

ALT-PU-2014-1211

ALT-PU-2014-1266

BDU:2014-00274

BDU:2014-00275

CVE-2014-1483

MGASA-2014-0048

OPENSUSE-SU-2014_0419-1

OPENSUSE-SU-2014_1100-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:14572-1

Affected Products

Alt Linux

Firefox

Seamonkey

Suse

PT-2014-1158 · Mozilla+2 · Firefox+3

CVE-2014-1483

Weakness Enumeration

Related Identifiers

Affected Products

References · 3115