Vulnerability Details : CVE-2014-1478
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Products affected by CVE-2014-1478
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1478
2.65%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-1478
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2014-1478
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1478
-
https://bugzilla.mozilla.org/show_bug.cgi?id=944851
944851 - Array out-of-bounds [@ mozilla::dom::AudioParamTimeline::AudioNodeInputValue]Issue Tracking;Vendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=938431
938431 - Assertion failure: consumer->isConsistentFloat32Use(), at jit/IonAnalysis.cppIssue Tracking;Vendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=942152
942152 - Assertion failure: ss->ssl3.hs.hashType == handshake_hash_unknownIssue Tracking;Vendor Advisory
-
http://secunia.com/advisories/56888
Sign inBroken Link
-
http://www.securitytracker.com/id/1029721
Mozilla Thunderbird Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
-
https://bugzilla.mozilla.org/show_bug.cgi?id=945585
945585 - Crash involving nsNodeUtils::LastRelease(), possibly due to running it twiceIssue Tracking;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
[security-announce] openSUSE-SU-2014:0419-1: important: Mozilla updatesMailing List;Third Party Advisory
-
https://8pecxstudios.com/?page_id=44080
Broken Link
-
https://bugzilla.mozilla.org/show_bug.cgi?id=916635
916635 - Recursive graph traversal in RangeAnalysisIssue Tracking;Vendor Advisory
-
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Oracle Solaris Bulletin - April 2016Third Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=944278
944278 - OdinMonkey: Crash [@ js::Invoke]Issue Tracking;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html
[security-announce] openSUSE-SU-2014:0212-1: important: Mozilla FirefoxMailing List;Third Party Advisory
-
http://secunia.com/advisories/56787
Sign inBroken Link
-
https://bugzilla.mozilla.org/show_bug.cgi?id=942940
942940 - Potential dangling peerreflexive candidate on some types of failure.Issue Tracking;Vendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=944321
944321 - --ion-check-range-analysis failure with Float32Array (SIGTRAP)Issue Tracking;Vendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=911845
911845 - Beta node checking, found bugsIssue Tracking;Vendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=925308
925308 - Assertion failure: *(int*)size_ >= 0, at vm/SPSProfiler.cpp:196Issue Tracking;Vendor Advisory
-
http://www.securitytracker.com/id/1029717
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
-
https://bugzilla.mozilla.org/show_bug.cgi?id=946733
946733 - Crash in nr_turn_stun_ctx_cbIssue Tracking;Vendor Advisory
-
https://security.gentoo.org/glsa/201504-01
Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo securityThird Party Advisory
-
http://www.ubuntu.com/usn/USN-2102-2
USN-2102-2: Firefox regression | Ubuntu security noticesThird Party Advisory
-
http://www.mozilla.org/security/announce/2014/mfsa2014-01.html
Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) — MozillaVendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=953373
953373 - Assertion failure: MIR instruction returned object with unexpected type, at js/src/jit/IonMacroAssembler.cpp:1223, loading Amazon product pageIssue Tracking;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/90900
Mozilla Firefox,Thunderbird and SeaMonkey safety code execution CVE-2014-1478 Vulnerability ReportThird Party Advisory;VDB Entry
-
https://bugzilla.mozilla.org/show_bug.cgi?id=932162
932162 - Crash in mozilla::dom::indexedDB::IndexedDatabaseManager::AddRef invoked by mozilla::dom::indexedDB::FileInfo::Cleanup in cycle collecting DOM Worker deathIssue Tracking;Vendor Advisory
-
http://secunia.com/advisories/56922
Sign inBroken Link
-
https://bugzilla.mozilla.org/show_bug.cgi?id=924348
924348 - Intermittent PROCESS-CRASH | /tests/dom/indexedDB/test/test_add_put.html | application crashed [@ sqlite3LeaveMutexAndCloseZombie] or [@ hashDestroy]Issue Tracking;Vendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=911707
911707 - Assertion failure: arr->lengthIsWritable() (setter shouldn't be called if property is non-writable), at jsarray.cppIssue Tracking;Vendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=922603
922603 - Signed integer overflow in image/src/imgFrame.cppIssue Tracking;Vendor Advisory
-
http://www.ubuntu.com/usn/USN-2102-1
USN-2102-1: Firefox vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html
[security-announce] openSUSE-SU-2014:0213-1: important: Mozilla updatesMailing List;Third Party Advisory
-
http://secunia.com/advisories/56767
Sign inBroken Link
-
http://www.securitytracker.com/id/1029720
Mozilla Seamonkey Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/65324
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-1478 Multiple Memory Corruption VulnerabilitiesThird Party Advisory;VDB Entry
-
https://bugzilla.mozilla.org/show_bug.cgi?id=939472
939472 - "Assertion failure: view" with gcslice and neuterIssue Tracking;Vendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=867597
867597 - IonMonkey: ARM hwcaps detection depends on uninitialised garbage on the stackIssue Tracking;Vendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=950452
950452 - Assertion failure: MIR instruction returned value with unexpected type, at jit/IonMacroAssembler.cpp:1219Issue Tracking;Vendor Advisory
-
http://osvdb.org/102865
Broken Link
Jump to