Domain Spoofing in Mozilla Firefox and SeaMonkey Webcam Permissions
CVE-2014-1499

Currently unrated

Key Information:

Vendor: Suse
Status: Linux Enterprise Desktop; Linux Enterprise Server; Linux Enterprise Software Development Kit
Vendor: CVE Published:; 19 March 2014

Summary

This vulnerability allows remote attackers to spoof the displayed domain in the WebRTC camera or microphone permission prompt in Mozilla Firefox and SeaMonkey. By exploiting specific timing during navigation, the attackers can manipulate the appearance of the permission prompt, potentially leading users to grant access to their webcam or microphone without realizing they are being deceived.

References

http://www.mozilla.org/security/announce/2014/mfsa2014-19...

x_refsource_CONFIRM

https://bugzilla.mozilla.org/show_bug.cgi?id=961512

x_refsource_CONFIRM

https://security.gentoo.org/glsa/201504-01

vendor-advisoryx_refsource_GENTOO

Timeline

Vulnerability published
Mar 19, 2014
Vulnerability Reserved
Jan 16, 2014