content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME situations by maintaining a session after the user temporarily navigates away.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2014-1586 from the MITRE CVE dictionary dictionary and NIST NVD.
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
| Base Score | 4.3 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | firefox | Will not fix |
| Red Hat Enterprise Linux 6 | firefox | Will not fix |
| Red Hat Enterprise Linux 6 | thunderbird | Will not fix |
| Red Hat Enterprise Linux 5 | firefox | Will not fix |
| Red Hat Enterprise Linux 5 | thunderbird | Will not fix |
Vulmon