Vulnerability Details: CVE-2014-1553
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Vulnerability category: Memory Corruption, Execute code, Denial of service
Products affected by CVE-2014-1553
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:31.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1553
2.45%: Probability of exploitation activity in the next 30 days
~ 90 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-1553
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2014-1553
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1553
- https://bugzilla.mozilla.org/show_bug.cgi?id=995075
  995075 - OOM large null-offset write in update_filter() triggered with AudioBufferSourceNode [Issue Tracking]
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
  [security-announce] openSUSE-SU-2015:0138-1: important: Firefox update t [Third Party Advisory]
- https://bugzilla.mozilla.org/show_bug.cgi?id=1022945
  1022945 - Shutdown crash with many mozGetUserMedia calls [Issue Tracking]
- http://www.securitytracker.com/id/1030794
  Mozilla Thunderbird Multiple Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTracker
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
  Oracle Solaris Bulletin - April 2016
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html
  [security-announce] openSUSE-SU-2014:1098-1: important: MozillaThunderbi [Third Party Advisory]
- https://security.gentoo.org/glsa/201504-01
  Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo security
- https://bugzilla.mozilla.org/show_bug.cgi?id=1037666
  1037666 - Crash [@ js::BarrieredBase<js::types::TypeObject*>::operator->] or Crash [@ js::ScriptSourceObject::initFromOptions] with offThread script [Issue Tracking]
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html
  openSUSE-SU-2014:1099-1: moderate: MozillaFirefox to Firefox 32 [Third Party Advisory]
- https://bugzilla.mozilla.org/show_bug.cgi?id=1035007
  1035007 - nsStandardURL::SetHost called net_ToLowerCase with a bogus pointer, #4 [Issue Tracking]
- https://bugzilla.mozilla.org/show_bug.cgi?id=1041148
  1041148 - GC hazard with worker XMLHttpRequest [Issue Tracking]
- https://bugzilla.mozilla.org/show_bug.cgi?id=1027359
  1027359 - Differential Testing: Incorrect codegen for mod (%) on ARM sim [Issue Tracking]
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
  [security-announce] openSUSE-SU-2015:1266-1: important: Mozilla (Firefox
- http://www.securitytracker.com/id/1030793
  Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTracker
- http://secunia.com/advisories/60148
- http://secunia.com/advisories/61114
- https://bugzilla.mozilla.org/show_bug.cgi?id=1033121
  1033121 - Race in nsTimerEvent destructor [Issue Tracking]
- http://www.securityfocus.com/bid/69524
  Mozilla Firefox/Thunderbird CVE-2014-1553 Multiple Memory Corruption Vulnerabilities
- http://www.mozilla.org/security/announce/2014/mfsa2014-67.html
  Miscellaneous memory safety hazards (rv:32.0 / rv:31.1 / rv:24.8) — Mozilla [Vendor Advisory]