CVE-2014-1499

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.

Published: Mar 19, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-1499
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
suse / linux_enterprise_desktop	11-sp3	11-sp3.x
suse / linux_enterprise_server	11-sp3	11-sp3.x
suse / linux_enterprise_software_development_kit	11-sp3	11-sp3.x
mozilla / seamonkey	-	2.25
oracle / solaris	11.3	11.3.x
mozilla / firefox	-	28.0
opensuse_project / opensuse	12.3	12.3.x
opensuse_project / opensuse	11.4	11.4.x
opensuse / opensuse	13.1	13.1.x

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html
http://www.mozilla.org/security/announce/2014/mfsa2014-19.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://bugzilla.mozilla.org/show_bug.cgi?id=961512
https://security.gentoo.org/glsa/201504-01

Vulnerability Database

289,599

CVE-2014-1499