CVE-2014-1502 — Origin Validation Error in Mozilla Firefox

CWE-346 — Origin Validation Error6 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

0.3%

top 48.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

8

Mozilla Firefox Mozilla Seamonkey Opensuse +5 more

Timeline

PublishedMar 19

Latest updateMay 13

Description

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages8 packages

▶NVDmozilla/firefox< 28.0

▶NVDmozilla/seamonkey< 2.25

▶NVDoracle/solaris11.3

▶NVDopensuse/opensuse13.1

▶NVDopensuse_project/opensuse11.4, 12.3+1

🔴Vulnerability Details

2

GHSA

GHSA-3h25-cxxm-9425: The (1) WebGL↗2022-05-13

▶

CVEList

CVE-2014-1502: The (1) WebGL↗2014-03-19

▶

📋Vendor Advisories

2

Red Hat

Mozilla: WebGL content injection from one domain to rendering in another (MFSA 2014-22)↗2014-03-18

▶

Ubuntu

Firefox vulnerabilities↗2014-03-18

▶

💬Community

1

Bugzilla

CVE-2014-1502 Mozilla: WebGL content injection from one domain to rendering in another (MFSA 2014-22)↗2014-03-17

▶

CVE-2014-1502 — Origin Validation Error in Mozilla | cvebase