Mozilla Firefox CVE-2013-1698 Weak Authentication Vulnerability

description-logoDescription

Mozilla engineer Matt Wobensmith discovered that when the getUserMedia permission dialog for an iframe appears in one domain, it will display its origin as that of the top-level document and not the calling framed page. This could lead to users incorrectly giving camera or microphone permissions when confusing the requesting page's location for a hosting one's.

affected-products-logoAffected Applications

Firefox

CVE References

CVE-2013-1698