CVE-2014-1505

Published Mar 19, 2014

Last updated 5 months ago

CVSS high 7.5

Overview

Description: The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693.
Source: security@mozilla.org
NVD status: Deferred
Products: firefox, seamonkey, thunderbird, ubuntu_linux, debian_linux, enterprise_linux_desktop, enterprise_linux_eus, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_server_tus, enterprise_linux_workstation, suse_linux_enterprise_software_development_kit, opensuse, suse_linux_enterprise_desktop, suse_linux_enterprise_server

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "422EC5FE-DA03-4C14-ADED-D6212BE074D5",
            "versionEndExcluding": "28.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "767BCE0C-E257-4241-BEAB-6AD5C5B1A3AF",
            "versionEndExcluding": "24.4",
            "versionStartIncluding": "24.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "097F1C3A-4546-43F3-8CC2-50F8AF05B791",
            "versionEndExcluding": "2.25",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "507FBFAF-784E-4C0E-B959-9380C31EBD1B",
            "versionEndExcluding": "24.4",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
            "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
            "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
            "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*",
            "matchCriteriaId": "569964DA-31BE-4520-A66D-C3B09D557AB8",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
            "matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*",
            "matchCriteriaId": "45010D45-2FF2-4B04-B115-6B6FE606D598",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*",
            "matchCriteriaId": "835AE071-CEAE-49E5-8F0C-E5F50FB85EFC",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*",
            "matchCriteriaId": "2A1D7F64-5AE6-4F2D-A282-DFF61399DFBE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
            "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
            "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
            "matchCriteriaId": "F4BC592E-17CC-4DD4-8B2C-CFD99383649C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:*:*:*",
            "matchCriteriaId": "DD4BBD63-E038-45CE-9537-D96831E99A06",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
            "matchCriteriaId": "0EA03350-8702-43D5-8605-5FB765A3F60B",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

Related CVEs

References