CVE-2014-1483 — UI Misrepresentation / Clickjacking in Mozilla Firefox

CWE-1021 — UI Misrepresentation / Clickjacking6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 48.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Canonical Ubuntu Linux +5 more

Timeline

PublishedFeb 6

Latest updateMay 13

Description

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages7 packages

▶NVDmozilla/firefox< 27.0

▶NVDmozilla/seamonkey< 2.24

▶NVDoracle/solaris11.3

▶NVDopensuse/opensuse11.4, 12.3, 13.1+2

▶NVDsuse/linux_enterprise_server11

Also affects: Ubuntu Linux 12.04, 12.10, 13.10

🔴Vulnerability Details

GHSA

GHSA-86vg-9cc8-8gmf: Mozilla Firefox before 27↗2022-05-13

▶

CVEList

CVE-2014-1483: Mozilla Firefox before 27↗2014-02-06

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2014-02-10

▶

Red Hat

Mozilla: Information disclosure with *FromPoint on iframes (MFSA 2014-05)↗2014-02-04

▶

💬Community

Bugzilla

CVE-2014-1483 Mozilla: Information disclosure with *FromPoint on iframes (MFSA 2014-05)↗2014-02-04

▶