Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2014-1505

Published

10 years ago

Last Modified

7 months ago

CVSSv2.0 Severity

Medium

CVSSv3.1 Severity

High

Impact Analysis

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693..

CVSSv2.0 Score

Severity: Medium
Base Score: 5/10
Exploit Score: 10/10
Access Vector: Network
Access Complexity: Low
Authentication Required: None
Impact Score: 2.9/10
Confidentiality Impact: Partial
Availability Impact: None
Integrity Impact: None

CVSSv3.1 Score

Severity: High
Base Score: 7.5/10
Exploit Score: 3.9/10
Access Vector: Network
Access Complexity: Low
Privileges Required: None
Impact Score: 3.6/10
Confidentiality Impact: High
Availability Impact: None
Integrity Impact: None
Scope: Unchanged
User Interaction: None

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:mozilla:seamonkey::::::::	Yes	-	2.25
cpe:2.3:a:mozilla:firefox_esr::::::::	Yes	24.0	24.4
cpe:2.3:a:mozilla:firefox::::::::	Yes	-	28.0
cpe:2.3:a:mozilla:thunderbird::::::::	Yes	-	24.4
cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::*	Yes	-	-
cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*	Yes	-	-
cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::	Yes	-	-
cpe:2.3:o:debian:debian_linux:8.0:::::::*	Yes	-	-
cpe:2.3:o:debian:debian_linux:7.0:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5::::::	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::*:	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5::::::	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5::::::	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::*:	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*	Yes	-	-
cpe:2.3:o:redhat:enterprise_linux_eus:6.5:::::::*	Yes	-	-
cpe:2.3:o:opensuse:opensuse:12.3:::::::*	Yes	-	-
cpe:2.3:o:opensuse:opensuse:11.4:::::::*	Yes	-	-
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:::::*	Yes	-	-
cpe:2.3:o:opensuse:opensuse:13.1:::::::*	Yes	-	-
cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3:::::	Yes	-	-
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:::*:vmw	Yes	-	-
cpe:2.3:a:novell:suse_linux_enterprise_software_development_	Yes	-	-

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2014-1505

Published

Last Modified

CVSSv2.0 Severity

CVSSv3.1 Severity

Impact Analysis

Share

CVSSv2.0 Score

CVSSv3.1 Score

Products Affected

References

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2014-1505

CVE information

Published

Last Modified

CVSSv2.0 Severity

CVSSv3.1 Severity

Impact Analysis

Share

Description

CVSSv2.0 Score

CVSSv3.1 Score

Products Affected

References