CVE-2014-1550 : Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox befo

Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Published 2014-07-23 11:12:43

Updated 2025-04-12 10:46:41

Source Mozilla Corporation

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute codeDenial of service

Products affected by CVE-2014-1550

Mozilla » Firefox
Versions up to, including, (<=) 30.0
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird
Versions up to, including, (<=) 24.7
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 24.0
cpe:2.3:a:mozilla:thunderbird:24.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 24.3
cpe:2.3:a:mozilla:thunderbird:24.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 24.4
cpe:2.3:a:mozilla:thunderbird:24.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 24.0.1
cpe:2.3:a:mozilla:thunderbird:24.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 24.1
cpe:2.3:a:mozilla:thunderbird:24.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 24.5
cpe:2.3:a:mozilla:thunderbird:24.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 24.1.1
cpe:2.3:a:mozilla:thunderbird:24.1.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 24.2
cpe:2.3:a:mozilla:thunderbird:24.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 24.6
cpe:2.3:a:mozilla:thunderbird:24.6:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-1550

EPSS FAQ

2.98%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 85 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-1550

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2014-1550

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Oracle Solaris Bulletin - April 2016

CVEs referencing this url
http://secunia.com/advisories/59760

CVEs referencing this url
http://www.securitytracker.com/id/1030619

Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Deny Service, and Spoof User Interface Elements - SecurityTracker

CVEs referencing this url
https://security.gentoo.org/glsa/201504-01

Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo security

CVEs referencing this url
http://www.mozilla.org/security/announce/2014/mfsa2014-58.html

Use-after-free in Web Audio due to incorrect control message ordering — Mozilla
Vendor Advisory
http://www.securitytracker.com/id/1030620

Mozilla Thunderbird Multiple Flaws Let Remote Users Deny Service and Execute Arbitrary Code - SecurityTracker

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=1020411

1020411 - (CVE-2014-1550) Heap-use-after-free in nsRefPtr<mozilla::MediaInputPort>::operator
http://secunia.com/advisories/60628

Sign in

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2014-1550

Products affected by CVE-2014-1550

Exploit prediction scoring system (EPSS) score for CVE-2014-1550

CVSS scores for CVE-2014-1550

References for CVE-2014-1550