Vulnerability Details : CVE-2014-1587
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Vulnerability category: Memory CorruptionInput validationExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-1587
Probability of exploitation activity in the next 30 days: 3.78%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-1587
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2014-1587
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1587
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1089207
1089207 - sipcc SDP parser can corrupt memory
-
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
[security-announce] openSUSE-SU-2015:0138-1: important: Firefox update t
-
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Oracle Solaris Third Party Bulletin - April 2015
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1080312
1080312 - Crash in DataChannels/sctp timer loop when far-end is being debugged with GDB
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1072847
1072847 - Crash [@ _moz_cairo_surface_destroy] with long DOM Notification, only on Windows
-
http://www.mozilla.org/security/announce/2014/mfsa2014-83.html
Miscellaneous memory safety hazards (rv:34.0 / rv:31.3) — MozillaVendor Advisory
-
https://security.gentoo.org/glsa/201504-01
Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo security
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1079729
1079729 - PeerConnection.createDataChannel crashes remote end in mozilla::detail::PrimitiveIntrinsics<int>::sub(long*, long)
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
[security-announce] openSUSE-SU-2015:1266-1: important: Mozilla (Firefox
-
http://www.securityfocus.com/bid/71391
Mozilla Firefox/Thunderbird CVE-2014-1587 Multiple Memory Corruption Vulnerabilities
-
http://www.debian.org/security/2014/dsa-3092
Debian -- Security Information -- DSA-3092-1 icedove
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1042567
1042567 - Crash [@ js::FetchName] or Assertion failure: shape->hasSlot(), at vm/Interpreter-inl.h
-
http://www.debian.org/security/2014/dsa-3090
Debian -- Security Information -- DSA-3090-1 iceweasel
Products affected by CVE-2014-1587
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*