CVE Vulnerabilities

CVE-2014-1502

Origin Validation Error

Published: Mar 19, 2014 | Modified: Aug 14, 2020
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
5.1 MODERATE
AV:N/AC:H/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.

Weakness

The product does not properly verify that the source of data or communication is valid.

Affected Software

Name Vendor Start Version End Version
Opensuse Opensuse 13.1 13.1
Opensuse Opensuse_project 11.4 11.4
Opensuse Opensuse_project 12.3 12.3
Firefox Ubuntu devel *
Firefox Ubuntu lucid *
Firefox Ubuntu precise *
Firefox Ubuntu quantal *
Firefox Ubuntu saucy *
Firefox Ubuntu upstream *

References