CVE-2014-1532 : Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord f

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.

Published 2014-04-30 10:49:05

Updated 2025-04-12 10:46:41

Source Mozilla Corporation

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute codeDenial of service

Products affected by CVE-2014-1532

Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 6.5
cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 6.5
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 6.5
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 6.5
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
Matching versions
Suse » Suse Linux Enterprise Server » Version: 10 Update SP4 Ltss Edition
cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp4:*:*:ltss:*:*:*
Matching versions
Suse » Suse Linux Enterprise Server » Version: 11 Update SP1 Ltss Edition
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp1:*:*:ltss:*:*:*
Matching versions
Mozilla » Firefox
Versions before (<) 29.0
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird
Versions before (<) 24.5
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey
Versions before (<) 2.26
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox Esr
Versions from including (>=) 24.0 and before (<) 24.5
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.10
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 13.10
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 19
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 20
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 11.4
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 12.3
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.1
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-1532

EPSS FAQ

3.61%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 87 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-1532

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2014-1532

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-1532

http://www.securitytracker.com/id/1030164

Mozilla Seamonkey Multiple Flaws Let Remote Users Execute Arbitrary Code, Deny Service, and Conduct Cross-Site Scripting Attacks - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.debian.org/security/2014/dsa-2918

Debian -- Security Information -- DSA-2918-1 iceweasel
Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1030163

Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Deny Service, and Conduct Cross-Site Scripting Attacks and Local Users Gain Elevated Privileges - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.mozilla.org/security/announce/2014/mfsa2014-46.html

Use-after-free in nsHostResolver — Mozilla
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Oracle Solaris Bulletin - April 2016
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html

openSUSE-SU-2014:0599-1: moderate: update for MozillaFirefox
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.debian.org/security/2014/dsa-2924

Debian -- Security Information -- DSA-2924-1 icedove
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html

openSUSE-SU-2014:0629-1: moderate: update for seamonkey
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html

[SECURITY] Fedora 20 Update: thunderbird-24.5.0-1.fc20
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html

[SECURITY] Fedora 19 Update: firefox-29.0-5.fc19
Mailing List;Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2014-0448.html

RHSA-2014:0448 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/201504-01

Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo security
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html

openSUSE-SU-2014:0602-1: moderate: Mozilla updates 5/2014
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html

[security-announce] SUSE-SU-2014:0727-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=966006

966006 - (CVE-2014-1532) heap-use-after-free in libxul.so!nsHostResolver::ConditionallyRefreshRecord()
Exploit;Issue Tracking;Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html

[security-announce] SUSE-SU-2014:0665-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2189-1

USN-2189-1: Thunderbird vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/59866

Sign in
Broken Link

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2185-1

USN-2185-1: Firefox vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2014-05/msg00040.html

openSUSE-SU-2014:0640-1: moderate: update for MozillaThunderbird
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/67130

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-1532 Use After Free Memory Corruption Vulnerability
Third Party Advisory;VDB Entry
http://rhn.redhat.com/errata/RHSA-2014-0449.html

RHSA-2014:0449 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1030165

Mozilla Thunderbird Multiple Flaws Let Remote Users Execute Arbitrary Code, Deny Service, and Conduct Cross-Site Scripting Attacks and Local Users Gain Elevated Privileges - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2014-1532

Products affected by CVE-2014-1532

Exploit prediction scoring system (EPSS) score for CVE-2014-1532

CVSS scores for CVE-2014-1532

CWE ids for CVE-2014-1532

References for CVE-2014-1532