Vulnerability Details: CVE-2014-1577
The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value.
Vulnerability category: Memory Corruption, Denial of service
Products affected by CVE-2014-1577
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:31.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:31.1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1577
- 8.48%: Probability of exploitation activity in the next 30 days
- ~94%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-1577
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P | 10.0 | 4.9 | NIST | |
References for CVE-2014-1577
- http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html
  [SECURITY] Fedora 20 Update: firefox-33.0-1.fc20
- http://rhn.redhat.com/errata/RHSA-2014-1647.html
  RHSA-2014:1647 - Security Advisory - Red Hat Customer Portal
- http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html
  [SECURITY] Fedora 21 Update: firefox-33.0-1.fc21
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
  [security-announce] openSUSE-SU-2015:0138-1: important: Firefox update t
- http://secunia.com/advisories/62023
- http://www.mozilla.org/security/announce/2014/mfsa2014-76.html
  Web Audio memory corruption issues with custom waveforms — Mozilla (Vendor Advisory)
- https://advisories.mageia.org/MGASA-2014-0421.html
  Mageia Advisory: MGASA-2014-0421 - Updated firefox and thunderbird packages fix security vulnerabilities
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
  Oracle Solaris Third Party Bulletin - April 2015
- http://www.securitytracker.com/id/1031028
  Mozilla Firefox Bugs Let Remote Users Execute Arbitrary Code, Bypass Same Origin-Policy, and Obtain Potentially Sensitive Information - SecurityTracker
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html
  openSUSE-SU-2014:1343-1: moderate: update for MozillaThunderbird
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html
  openSUSE-SU-2014:1346-1: moderate: update for MozillaThunderbird
- https://bugzilla.mozilla.org/show_bug.cgi?id=1012609
  1012609 - (CVE-2014-1577) Out-of-Bounds Read in mozilla::dom::OscillatorNodeEngine::ComputeCustom with negative frequency
- http://www.debian.org/security/2014/dsa-3061
  Debian -- Security Information -- DSA-3061-1 icedove
- http://secunia.com/advisories/62022
- https://security.gentoo.org/glsa/201504-01
  Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo security
- http://www.debian.org/security/2014/dsa-3050
  Debian -- Security Information -- DSA-3050-1 iceweasel
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html
  openSUSE-SU-2014:1344-1: moderate: update for firefox, mozilla-nspr, moz
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
  [security-announce] openSUSE-SU-2015:1266-1: important: Mozilla (Firefox
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html
  openSUSE-SU-2014:1345-1: moderate: update for firefox, mozilla-nspr, moz
- http://www.ubuntu.com/usn/USN-2372-1
  USN-2372-1: Firefox vulnerabilities | Ubuntu security notices
- http://www.ubuntu.com/usn/USN-2373-1
  USN-2373-1: Thunderbird vulnerabilities | Ubuntu security notices
- http://www.securitytracker.com/id/1031030
  Mozilla Thunderbird Bugs Let Remote Users Execute Arbitrary Code - SecurityTracker
- http://secunia.com/advisories/61387
- http://www.securityfocus.com/bid/70440
  Mozilla Firefox/Thunderbird CVE-2014-1577 Out of Bounds Memory Corruption Vulnerability
- http://rhn.redhat.com/errata/RHSA-2014-1635.html
  RHSA-2014:1635 - Security Advisory - Red Hat Customer Portal
- http://secunia.com/advisories/61854
- http://secunia.com/advisories/62021