CVE-2014-1487

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.

Published: Feb 6, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-1487
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-346

Affected Software
References

Software	From	Fixed in
mozilla / seamonkey	-	2.24
mozilla / firefox	-	27.0
mozilla / firefox_esr	24.0	24.3
mozilla / thunderbird	-	24.3
fedoraproject / fedora	20	20.x
fedoraproject / fedora	19	19.x
opensuse / opensuse	12.3	12.3.x
suse / suse_linux_enterprise_software_development_kit	11.0-sp3	11.0-sp3.x
opensuse / opensuse	11.4	11.4.x
opensuse / opensuse	13.1	13.1.x
suse / suse_linux_enterprise_desktop	11-sp3	11-sp3.x
suse / suse_linux_enterprise_server	11-sp3	11-sp3.x
canonical / ubuntu_linux	13.10	13.10.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	12.04	12.04.x
debian / debian_linux	7.0	7.0.x
redhat / enterprise_linux_server	5.0	5.0.x
redhat / enterprise_linux_server_eus	6.5	6.5.x
redhat / enterprise_linux_workstation	5.0	5.0.x
redhat / enterprise_linux_server_aus	6.5	6.5.x
redhat / enterprise_linux_server_tus	6.5	6.5.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
redhat / enterprise_linux_desktop	5.0	5.0.x
redhat / enterprise_linux_eus	6.5	6.5.x

Vulnerability Database

289,599

CVE-2014-1487