Vulnerability Name:

CVE-2014-1502 (CCN-91863)

Assigned:2014-03-18
Published:2014-03-18
Updated:2020-08-14
Summary:The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-346
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2014-1502

Source: SUSE
Type: Mailing List, Third Party Advisory
SUSE-SU-2014:0418

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2014:0419

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2014:0448

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2014:0584

Source: CCN
Type: SA57500
Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities

Source: CCN
Type: SA57510
Mozilla Firefox Multiple Vulnerabilities

Source: CCN
Type: MFSA 2014-22
WebGL content injection from one domain to rendering in another

Source: CONFIRM
Type: Vendor Advisory
http://www.mozilla.org/security/announce/2014/mfsa2014-22.html

Source: CONFIRM
Type: Mailing List, Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: CCN
Type: BID-66422
Mozilla Firefox/SeaMonkey CVE-2014-1502 Security Bypass Vulnerability

Source: CONFIRM
Type: Issue Tracking, Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=972622

Source: XF
Type: UNKNOWN
firefox-cve20141502-sec-bypass(91863)

Source: GENTOO
Type: Third Party Advisory
GLSA-201504-01

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-1502

Vulnerable Configuration:Configuration 1:
  • cpe:/o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse_project:opensuse:11.4:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse_project:opensuse:12.3:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
  • OR cpe:/o:opensuse:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
  • OR cpe:/o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:oracle:solaris:11.3:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version < 28.0)

  • Configuration 5:
  • cpe:/a:mozilla:seamonkey:*:*:*:*:*:*:*:* (Version < 2.25)

  • Configuration CCN 1:
  • cpe:/a:mozilla:firefox:27.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:2.24:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:609
    P
    Security update for sqlite3 (Moderate) (in QA)
    2022-10-04
    oval:org.opensuse.security:def:20141502
    V
    CVE-2014-1502
    2022-06-30
    oval:org.opensuse.security:def:1301
    P
    Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP3) (Important)
    2022-04-14
    oval:org.opensuse.security:def:111898
    P
    MozillaFirefox-50.1.0-1.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:113433
    P
    seamonkey-2.40-6.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:945
    P
    Security update for net-snmp (Important)
    2022-01-11
    oval:org.opensuse.security:def:30166
    P
    Security update for chrony (Moderate)
    2021-12-22
    oval:org.opensuse.security:def:55979
    P
    Security update for clamav (Moderate)
    2021-12-01
    oval:org.opensuse.security:def:33047
    P
    Security update for webkit2gtk3 (Important)
    2021-11-23
    oval:org.opensuse.security:def:33741
    P
    Security update for postgresql, postgresql13, postgresql14 (Important)
    2021-11-20
    oval:org.opensuse.security:def:30147
    P
    Security update for MozillaFirefox (Important)
    2021-11-17
    oval:org.opensuse.security:def:33024
    P
    Security update for util-linux (Moderate)
    2021-10-19
    oval:org.opensuse.security:def:33729
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:105475
    P
    MozillaFirefox-50.1.0-1.1 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:106834
    P
    seamonkey-2.40-6.1 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:29417
    P
    Security update for libesmtp (Important)
    2021-09-02
    oval:org.opensuse.security:def:32985
    P
    Security update for openssl (Important)
    2021-08-24
    oval:org.opensuse.security:def:47131
    P
    ppc64-diag-2.7.1-5.6 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47591
    P
    dbus-1-1.8.22-29.10.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48129
    P
    libjansson4-2.12-3.5.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48358
    P
    zypper-1.13.51-21.26.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47145
    P
    rpcbind-0.2.3-21.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47683
    P
    libXrender1-0.9.8-7.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48191
    P
    libsmi-0.4.8-18.55 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47266
    P
    glib2-lang-2.48.2-10.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47831
    P
    mutt-1.10.1-55.6.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48256
    P
    pam_krb5-2.4.4-4.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47130
    P
    powerpc-utils-1.3.2-17.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47459
    P
    pam_krb5-2.4.4-4.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48045
    P
    ibus-chewing-1.4.14-4.11 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48287
    P
    python-pywbem-0.7.0-4.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:29406
    P
    Security update for cpio (Important)
    2021-08-14
    oval:org.opensuse.security:def:30108
    P
    Security update for libsndfile (Critical)
    2021-08-05
    oval:org.opensuse.security:def:29405
    P
    Security update for djvulibre (Important)
    2021-08-05
    oval:org.opensuse.security:def:30210
    P
    Security update for ucode-intel (Important)
    2021-06-10
    oval:org.opensuse.security:def:32936
    P
    Security update for shim (Important)
    2021-06-08
    oval:org.opensuse.security:def:55898
    P
    Security update for python3 (Important)
    2021-05-17
    oval:org.opensuse.security:def:33645
    P
    Security update for samba (Important)
    2021-05-04
    oval:org.opensuse.security:def:30059
    P
    Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP2) (Important)
    2021-04-12
    oval:org.opensuse.security:def:29489
    P
    Security update for nghttp2 (Important)
    2021-03-24
    oval:org.opensuse.security:def:34044
    P
    Security update for wavpack (Important)
    2021-03-24
    oval:org.opensuse.security:def:55860
    P
    Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:33091
    P
    Security update for openldap2 (Important)
    2021-03-03
    oval:org.opensuse.security:def:55301
    P
    Security update for python-cryptography (Important)
    2021-03-02
    oval:org.opensuse.security:def:28942
    P
    Security update for java-1_8_0-ibm (Important)
    2021-02-26
    oval:org.opensuse.security:def:32261
    P
    Security update for krb5-appl (Important)
    2021-02-19
    oval:org.opensuse.security:def:32262
    P
    Security update for java-1_8_0-openjdk (Moderate)
    2021-02-19
    oval:org.opensuse.security:def:33768
    P
    Security update for java-1_7_1-ibm (Important)
    2021-02-18
    oval:org.opensuse.security:def:32273
    P
    Security update for MozillaFirefox (Important)
    2021-01-12
    oval:org.opensuse.security:def:30004
    P
    Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:55135
    P
    Security update for cyrus-sasl (Important)
    2020-12-28
    oval:org.opensuse.security:def:55786
    P
    Security update for xen (Moderate)
    2020-12-22
    oval:org.opensuse.security:def:62390
    P
    MozillaFirefox-52.7.3-1.35 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:72109
    P
    MozillaFirefox-52.7.3-1.35 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:26285
    P
    Security update for the Linux Kernel (Critical)
    2020-12-01
    oval:org.opensuse.security:def:26569
    P
    kde4-kgreeter-plugins on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26914
    P
    gvim on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27060
    P
    xorg-x11-libs-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28251
    P
    Security update for libxml2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27420
    P
    imlib2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27794
    P
    Security update for libgcrypt
    2020-12-01
    oval:org.opensuse.security:def:27949
    P
    Security update for GraphicsMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28330
    P
    Security update for php53 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28687
    P
    Security update for flash-player (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28981
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28666
    P
    Security update for MozillaFirefox
    2020-12-01
    oval:org.opensuse.security:def:29765
    P
    Security update for glibc (Important)
    2020-12-01
    oval:org.opensuse.security:def:30848
    P
    Security update for dhcp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54456
    P
    e2fsprogs on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55029
    P
    vino on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55694
    P
    Security update for ghostscript (Low)
    2020-12-01
    oval:org.opensuse.security:def:32485
    P
    PolicyKit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32879
    P
    gvim on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33509
    P
    Security update for openswan
    2020-12-01
    oval:org.opensuse.security:def:33887
    P
    Security update for kdebase4-runtime
    2020-12-01
    oval:org.opensuse.security:def:34190
    P
    Security update for opie
    2020-12-01
    oval:org.opensuse.security:def:34897
    P
    Security update for dbus-1
    2020-12-01
    oval:org.opensuse.security:def:26296
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26626
    P
    pam_mount on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26963
    P
    libpng12-0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27698
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:27217
    P
    libsoup-2_4-1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27502
    P
    libwpd-0_8-8 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27847
    P
    Security update for openldap2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27993
    P
    Security update for MozillaFirefox (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28461
    P
    Security update for xorg-x11-libX11 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28839
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28998
    P
    Security update for gnutls (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29851
    P
    Security update for Linux Kernel
    2020-12-01
    oval:org.opensuse.security:def:29716
    P
    Security update for MozillaFirefox
    2020-12-01
    oval:org.opensuse.security:def:54478
    P
    glib2-lang on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32579
    P
    mozilla-xulrunner190 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33415
    P
    Security update for zeromq (Important)
    2020-12-01
    oval:org.opensuse.security:def:34215
    P
    Security update for php5 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26284
    P
    Security update for taglib (Low)
    2020-12-01
    oval:org.opensuse.security:def:34937
    P
    Security update for MozillaFirefox
    2020-12-01
    oval:org.opensuse.security:def:26360
    P
    Security update for MozillaThunderbird (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26710
    P
    gnome-screensaver on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27002
    P
    openvpn on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49332
    P
    socat on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27228
    P
    libxcrypt on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27559
    P
    rubygem-i18n-0_6 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27896
    P
    Security update for tidy (Low)
    2020-12-01
    oval:org.opensuse.security:def:28631
    P
    Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)
    2020-12-01
    oval:org.opensuse.security:def:28252
    P
    Security update for libxml2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28546
    P
    Security update for Mozilla Firefox
    2020-12-01
    oval:org.opensuse.security:def:28893
    P
    Security update for fetchmail (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29042
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:29621
    P
    Security update for boost
    2020-12-01
    oval:org.opensuse.security:def:54618
    P
    libvdpau1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30885
    P
    Security update for MozillaFirefox
    2020-12-01
    oval:org.opensuse.security:def:32636
    P
    apache2-mod_php53 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:57255
    P
    Security update for openssl-certs
    2020-12-01
    oval:org.opensuse.security:def:33416
    P
    Security update for ImageMagick
    2020-12-01
    oval:org.opensuse.security:def:34102
    P
    Security update for MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-SLES-for-VMware, mozilla-nss (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34259
    P
    Security update for postgresql94 (Important)
    2020-12-01
    oval:org.opensuse.security:def:27216
    P
    libsnmp15-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26488
    P
    Security update for cacti, cacti-spine (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26861
    P
    ant on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27016
    P
    postgresql on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49386
    P
    MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27292
    P
    squid on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27643
    P
    Security update for libssh2
    2020-12-01
    oval:org.opensuse.security:def:27935
    P
    Security update for GraphicsMagick (Important)
    2020-12-01
    oval:org.opensuse.security:def:27733
    P
    Security update for MozillaFirefox
    2020-12-01
    oval:org.opensuse.security:def:28263
    P
    Security update for mercurial (Important)
    2020-12-01
    oval:org.opensuse.security:def:28603
    P
    Security update for usbmuxd
    2020-12-01
    oval:org.opensuse.security:def:29680
    P
    Security update for ecryptfs-utils
    2020-12-01
    oval:org.opensuse.security:def:29708
    P
    Security update for MozillaFirefox
    2020-12-01
    oval:org.opensuse.security:def:54455
    P
    dracut on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54856
    P
    libecpg6 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55586
    P
    Security update for openssh (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32350
    P
    Security update for squid (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32723
    P
    libopenssl0_9_8 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:57329
    P
    Security update for MozillaFirefox
    2020-12-01
    oval:org.opensuse.security:def:33427
    P
    Security update for Samba
    2020-12-01
    oval:org.opensuse.security:def:33798
    P
    Security update for gd
    2020-12-01
    oval:org.opensuse.security:def:34151
    P
    Security update for openssh (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:24858
    P
    SUSE-SU-2014:0418-1 -- Security update for MozillaFirefox
    2015-03-16
    oval:org.mitre.oval:def:24144
    V
    The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.
    2014-10-06
    oval:org.mitre.oval:def:23735
    P
    USN-2150-1 -- firefox vulnerabilities
    2014-06-30
    oval:org.opensuse.security:def:79963
    P
    Security update for MozillaFirefox
    2014-03-20
    oval:com.ubuntu.precise:def:20141502000
    V
    CVE-2014-1502 on Ubuntu 12.04 LTS (precise) - medium.
    2014-03-19
    BACK
    opensuse opensuse 13.1
    opensuse_project opensuse 11.4
    opensuse_project opensuse 12.3
    suse linux enterprise desktop 11 sp3
    suse linux enterprise server 11 sp3
    suse linux enterprise server 11 sp3
    suse linux enterprise software development kit 11 sp3
    oracle solaris 11.3
    mozilla firefox *
    mozilla seamonkey *
    mozilla firefox 27.0
    mozilla seamonkey 2.24