CVE-2014-1487

moderate-risk

Published 2014-02-06

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.

Do I need to act?

0.61% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Firefox

Seamonkey

Thunderbird

Suse Linux Enterprise Software Development Kit

Opensuse

Suse Linux Enterprise Desktop

Suse Linux Enterprise Server

Ubuntu Linux

Debian Linux

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Fedora

Affected Vendors

Canonical Opensuse Debian Redhat Mozilla Suse Fedoraproject

References (66)

Broken Link http://download.novell.com/Download?buildid=VYQsgaFpQ2k

Broken Link http://download.novell.com/Download?buildid=Y2fux-JW1Qc

Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.h...

Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.h...

Mailing List http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

Broken Link http://osvdb.org/102873

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2014-0132.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2014-0133.html

Broken Link http://secunia.com/advisories/56706

Broken Link http://secunia.com/advisories/56761

Broken Link http://secunia.com/advisories/56763

Broken Link http://secunia.com/advisories/56767

Broken Link http://secunia.com/advisories/56787

Broken Link http://secunia.com/advisories/56858

Broken Link http://secunia.com/advisories/56888

Broken Link http://secunia.com/advisories/56922

Third Party Advisory http://www.debian.org/security/2014/dsa-2858

and 46 more references

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 2/34 · Minimal

Exposure 21/34 · High