CVE-2014-1499
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0061 (0.6%)
Percentile: 69.9%
EPSS: 2026-05-06
Affects
suse:linux_enterprise_desktopsuse:linux_enterprise_serversuse:linux_enterprise_software_development_kitmozilla:seamonkeyoracle:solarismozilla:firefoxopensuse:opensuseopensuse_project:opensuseTechnical description
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.
Published: 3/19/2014, 10:55:06 AM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html
- http://www.mozilla.org/security/announce/2014/mfsa2014-19.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=961512
- https://security.gentoo.org/glsa/201504-01