Vulnerability Details : CVE-2014-1592

Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing.

Vulnerability category: Memory CorruptionExecute code

Published 2014-12-11 11:59:06

Updated 2016-12-24 02:59:02

Source Mozilla Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2014-1592

Probability of exploitation activity in the next 30 days: 6.28%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 93 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-1592

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	nvd@nist.gov
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2014-1592

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html

[security-announce] openSUSE-SU-2015:0138-1: important: Firefox update t

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Oracle Solaris Third Party Bulletin - April 2015

CVEs referencing this url
http://www.mozilla.org/security/announce/2014/mfsa2014-87.html

Use-after-free during HTML5 parsing — Mozilla
Vendor Advisory
https://security.gentoo.org/glsa/201504-01

Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo security

CVEs referencing this url
http://www.securityfocus.com/bid/71398

Mozilla Firefox/Thunderbird CVE-2014-1592 Use After Free Memory Corruption Vulnerability
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

[security-announce] openSUSE-SU-2015:1266-1: important: Mozilla (Firefox

CVEs referencing this url
http://www.debian.org/security/2014/dsa-3092

Debian -- Security Information -- DSA-3092-1 icedove

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=1088635

1088635 - (CVE-2014-1592) 1410H - Firefox 32,33 xul.dll!nsHtml5TreeOperation use-after-free (poisoned)
http://www.debian.org/security/2014/dsa-3090

Debian -- Security Information -- DSA-3090-1 iceweasel

CVEs referencing this url

Products affected by CVE-2014-1592

Mozilla » Firefox
Versions up to, including, (<=) 33.0
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird
Versions up to, including, (<=) 31.2
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey
Versions up to, including, (<=) 2.30
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox Esr
Versions up to, including, (<=) 31.2
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
Matching versions