Search for vulnerabilities
| Vulnerability ID | VCID-4y2c-yfgn-abhf |
| Aliases |
CVE-2014-1487
|
| Summary | Security researcher Masato Kinugawa reported a cross-origin information leak through web workers' error messages. This violates same-origin policy and the leaked information could potentially be used to gather authentication tokens and other data from third-party websites. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled in mail, but is potentially a risk in browser or browser-like contexts. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 8.0 |
| Risk | 4.0 |
| Affected and Fixed Packages | Package Details |
| Reference id | Reference type | URL |
|---|---|---|
| https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1487.json | ||
| https://api.first.org/data/v1/epss?cve=CVE-2014-1487 | ||
| 1060947 | https://bugzilla.redhat.com/show_bug.cgi?id=1060947 | |
| CVE-2014-1487 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1487 | |
| mfsa2014-09 | https://www.mozilla.org/en-US/security/advisories/mfsa2014-09 | |
| RHSA-2014:0132 | https://access.redhat.com/errata/RHSA-2014:0132 | |
| RHSA-2014:0133 | https://access.redhat.com/errata/RHSA-2014:0133 | |
| USN-2102-1 | https://usn.ubuntu.com/2102-1/ | |
| USN-2119-1 | https://usn.ubuntu.com/2119-1/ |
| Percentile | 0.6496 |
| EPSS Score | 0.00501 |
| Published At | July 30, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-31T08:10:43.817021+00:00 | Mozilla Importer | Import | https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2014/mfsa2014-09.md | 37.0.0 |