CVE-2014-1586 — Mozilla Firefox vulnerability

9 documents6 sources

Severity

5.0MEDIUMNVD

OSV7.5

EPSS

0.7%

top 28.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird

Timeline

PublishedOct 15

Latest updateMay 17

Description

content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME situations by maintaining a session after the user temporarily navigates away.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶Ubuntumozilla/firefox< 33.0+build2-0ubuntu0.14.04.1

▶NVDmozilla/firefox32.0+3

▶Ubuntumozilla/thunderbird< 1:31.2.0+build2-0ubuntu0.14.04.1

▶NVDmozilla/thunderbird31.0, 31.1.0+1

🔴Vulnerability Details

GHSA

GHSA-539x-x6m2-jhf2: content/base/src/nsDocument↗2022-05-17

▶

OSV

thunderbird vulnerabilities↗2014-10-15

▶

OSV

firefox vulnerabilities↗2014-10-14

▶

OSV

CVE-2014-1586: content/base/src/nsDocument↗2014-10-14

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2014-10-15

▶

Ubuntu

Firefox vulnerabilities↗2014-10-14

▶

Red Hat

Mozilla: Inconsistent video sharing within iframe (MFSA 2014-81)↗2014-10-14

▶

💬Community

Bugzilla

CVE-2014-1585 CVE-2014-1586 Mozilla: Inconsistent video sharing within iframe (MFSA 2014-81)↗2014-10-14

▶