Vulnerability Details : CVE-2014-1594
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.
Vulnerability category: Input validationExecute code
Products affected by CVE-2014-1594
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1594
6.02%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-1594
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2014-1594
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1594
-
http://www.mozilla.org/security/announce/2014/mfsa2014-89.html
Bad casting from the BasicThebesLayer to BasicContainerLayer — MozillaVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
[security-announce] openSUSE-SU-2015:0138-1: important: Firefox update t
-
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Oracle Solaris Third Party Bulletin - April 2015
-
http://www.securityfocus.com/bid/71396
Mozilla Firefox/Thunderbird CVE-2014-1594 Security Vulnerability
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1074280
1074280 - (CVE-2014-1594) Bad casting: From BasicThebesLayer to BasicContainerLayer
-
https://security.gentoo.org/glsa/201504-01
Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo security
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
[security-announce] openSUSE-SU-2015:1266-1: important: Mozilla (Firefox
-
http://www.debian.org/security/2014/dsa-3092
Debian -- Security Information -- DSA-3092-1 icedove
-
http://www.debian.org/security/2014/dsa-3090
Debian -- Security Information -- DSA-3090-1 iceweasel
Jump to