CVE-2014-1505 — Sensitive Information Exposure in Mozilla Firefox

CWE-200 — Sensitive Information Exposure7 documents6 sources

Severity

7.5HIGHNVD

CNA4.3

EPSS

0.6%

top 31.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird +13 more

Timeline

PublishedMar 19

Latest updateMay 13

Description

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages10 packages

▶NVDmozilla/firefox24.0 — 24.4+1

▶NVDmozilla/seamonkey< 2.25

▶NVDmozilla/thunderbird< 24.4

▶NVDopensuse/opensuse11.4, 12.3, 13.1+2

▶NVDredhat/enterprise_linux_server5.0, 6.0+1

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 12.10, 13.10, Enterprise Linux 6.5

🔴Vulnerability Details

GHSA

GHSA-5656-j8pw-q247: The SVG filter implementation in Mozilla Firefox before 28↗2022-05-13

▶

CVEList

CVE-2014-1505: The SVG filter implementation in Mozilla Firefox before 28↗2014-03-19

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2014-03-21

▶

Red Hat

Mozilla: SVG filters information disclosure through feDisplacementMap (MFSA 2014-28)↗2014-03-18

▶

Ubuntu

Firefox vulnerabilities↗2014-03-18

▶

💬Community

Bugzilla

CVE-2014-1505 Mozilla: SVG filters information disclosure through feDisplacementMap (MFSA 2014-28)↗2014-03-17

▶