CVE-2014-1483

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.

Published: Feb 6, 2014
Updated: Nov 9, 2025
CVE: CVE-2014-1483
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-1021

Affected Software
References

Software	From	Fixed in
oracle / solaris	11.3	11.3.x
canonical / ubuntu_linux	13.10	13.10.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	12.04	12.04.x
mozilla / seamonkey	-	2.24
mozilla / firefox	-	27.0
suse / linux_enterprise_desktop	11-sp3	11-sp3.x
suse / linux_enterprise_server	11-sp3	11-sp3.x
opensuse / opensuse	12.3	12.3.x
suse / suse_linux_enterprise_software_development_kit	11.0-sp3	11.0-sp3.x
opensuse / opensuse	11.4	11.4.x
opensuse / opensuse	13.1	13.1.x

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
http://osvdb.org/102869
http://secunia.com/advisories/56706
http://secunia.com/advisories/56767
http://secunia.com/advisories/56787
http://secunia.com/advisories/56888
http://www.mozilla.org/security/announce/2014/mfsa2014-05.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/65316
http://www.securitytracker.com/id/1029717
http://www.securitytracker.com/id/1029720
http://www.ubuntu.com/usn/USN-2102-1
http://www.ubuntu.com/usn/USN-2102-2
https://8pecxstudios.com/?page_id=44080
https://bugzilla.mozilla.org/show_bug.cgi?id=950427
https://exchange.xforce.ibmcloud.com/vulnerabilities/90893
https://security.gentoo.org/glsa/201504-01

Vulnerability Database

308,485

CVE-2014-1483

Deep Security Visibility Without the Complexity