Vulnerability Details : CVE-2014-1576
Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization style.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2014-1576
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:31.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:31.1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1576
- EPSS score: 4.67% (probability of exploitation activity in the next 30 days)
- Percentile: ~88% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-1576
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2014-1576
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1576
- https://bugzilla.mozilla.org/show_bug.cgi?id=1041512
  1041512 - (CVE-2014-1576) Heap-buffer-overflow in nsTransformedTextRun::SetCapitalization
- http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html
  [SECURITY] Fedora 20 Update: firefox-33.0-1.fc20
- http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html
  [SECURITY] Fedora 21 Update: firefox-33.0-1.fc21
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
  [security-announce] openSUSE-SU-2015:0138-1: important: Firefox update t
- http://secunia.com/advisories/62023
- https://advisories.mageia.org/MGASA-2014-0421.html
  Mageia Advisory: MGASA-2014-0421 - Updated firefox and thunderbird packages fix security vulnerabilities
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
  Oracle Solaris Third Party Bulletin - April 2015
- http://www.securitytracker.com/id/1031028
  Mozilla Firefox Bugs Let Remote Users Execute Arbitrary Code, Bypass Same Origin-Policy, and Obtain Potentially Sensitive Information - SecurityTracker
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html
  openSUSE-SU-2014:1343-1: moderate: update for MozillaThunderbird
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html
  openSUSE-SU-2014:1346-1: moderate: update for MozillaThunderbird
- http://www.debian.org/security/2014/dsa-3061
  Debian -- Security Information -- DSA-3061-1 icedove
- http://www.mozilla.org/security/announce/2014/mfsa2014-75.html
  Buffer overflow during CSS manipulation — Mozilla (Vendor Advisory)
- http://secunia.com/advisories/62022
- https://security.gentoo.org/glsa/201504-01
  Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo security
- http://www.debian.org/security/2014/dsa-3050
  Debian -- Security Information -- DSA-3050-1 iceweasel
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html
  openSUSE-SU-2014:1344-1: moderate: update for firefox, mozilla-nspr, moz
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
  [security-announce] openSUSE-SU-2015:1266-1: important: Mozilla (Firefox
- http://www.securityfocus.com/bid/70430
  Mozilla Firefox/Thunderbird CVE-2014-1576 Remote Heap Buffer Overflow Vulnerability
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html
  openSUSE-SU-2014:1345-1: moderate: update for firefox, mozilla-nspr, moz
- http://www.ubuntu.com/usn/USN-2372-1
  USN-2372-1: Firefox vulnerabilities | Ubuntu security notices
- http://www.ubuntu.com/usn/USN-2373-1
  USN-2373-1: Thunderbird vulnerabilities | Ubuntu security notices
- http://www.securitytracker.com/id/1031030
  Mozilla Thunderbird Bugs Let Remote Users Execute Arbitrary Code - SecurityTracker
- http://secunia.com/advisories/61387
- http://rhn.redhat.com/errata/RHSA-2014-1635.html
  RHSA-2014:1635 - Security Advisory - Red Hat Customer Portal
- http://secunia.com/advisories/61854
- http://secunia.com/advisories/62021