Vulnerability Details : CVE-2014-1563
Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Products affected by CVE-2014-1563
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:31.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1563
63.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-1563
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2014-1563
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1563
-
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
[security-announce] openSUSE-SU-2015:0138-1: important: Firefox update tThird Party Advisory
-
http://www.securitytracker.com/id/1030794
Mozilla Thunderbird Multiple Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTracker
-
http://www.securityfocus.com/bid/69523
Mozilla Firefox/Thunderbird CVE-2014-1563 Memory Corruption Vulnerability
-
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Oracle Solaris Bulletin - April 2016Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html
[security-announce] openSUSE-SU-2014:1098-1: important: MozillaThunderbiThird Party Advisory
-
https://security.gentoo.org/glsa/201504-01
Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo security
-
http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html
openSUSE-SU-2014:1099-1: moderate: MozillaFirefox to Firefox 32Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
[security-announce] openSUSE-SU-2015:1266-1: important: Mozilla (Firefox
-
http://www.securitytracker.com/id/1030793
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTracker
-
http://secunia.com/advisories/60148
Sign in
-
http://secunia.com/advisories/61114
Sign in
-
http://www.mozilla.org/security/announce/2014/mfsa2014-68.html
Use-after-free during DOM interactions with SVG — MozillaVendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1018524
1018524 - (CVE-2014-1563) Heap-use-after-free in mozilla::DOMSVGLength::GetTearOffIssue Tracking
Jump to