Vulnerability Details : CVE-2014-8634
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-8634
Probability of exploitation activity in the next 30 days: 5.74%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 92 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-8634
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
nvd@nist.gov |
References for CVE-2014-8634
-
http://secunia.com/advisories/62273
Sign in
-
http://secunia.com/advisories/62253
Sign in
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1111737
1111737 - crash nsScriptLoader not thread-safe nsScriptLoader.cpp:178
-
http://linux.oracle.com/errata/ELSA-2015-0046.html
linux.oracle.com | ELSA-2015-0046
-
http://secunia.com/advisories/62293
Sign in
-
http://secunia.com/advisories/62304
Sign in
-
http://rhn.redhat.com/errata/RHSA-2015-0047.html
RHSA-2015:0047 - Security Advisory - Red Hat Customer Portal
-
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Oracle Solaris Third Party Bulletin - April 2015
-
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html
[security-announce] SUSE-SU-2015:0171-1: important: Security update for
-
http://www.debian.org/security/2015/dsa-3127
Debian -- Security Information -- DSA-3127-1 iceweasel
-
http://secunia.com/advisories/62283
Sign in
-
http://secunia.com/advisories/62313
Sign in
-
http://www.ubuntu.com/usn/USN-2460-1
USN-2460-1: Thunderbird vulnerabilities | Ubuntu security notices
-
http://www.securityfocus.com/bid/72049
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-8634 Multiple Memory Corruption Vulnerabilities
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1109889
1109889 - Crash [@ ??] with gczeal and recursion
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/99955
Mozilla Firefox, Thunderbird and SeaMonkey code execution CVE-2014-8634 Vulnerability Report
-
http://www.securitytracker.com/id/1031533
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Request Forgery Attacks, and Obtain Potentially Sensitive Information - SecurityTracker
-
http://rhn.redhat.com/errata/RHSA-2015-0046.html
RHSA-2015:0046 - Security Advisory - Red Hat Customer Portal
-
http://linux.oracle.com/errata/ELSA-2015-0047.html
linux.oracle.com | ELSA-2015-0047
-
http://secunia.com/advisories/62274
Sign in
-
https://security.gentoo.org/glsa/201504-01
Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo security
-
http://secunia.com/advisories/62259
Sign in
-
http://www.debian.org/security/2015/dsa-3132
Debian -- Security Information -- DSA-3132-1 icedove
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
[security-announce] openSUSE-SU-2015:1266-1: important: Mozilla (Firefox
-
http://www.securitytracker.com/id/1031534
Mozilla Thunderbird Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Request Forgery Attacks, and Conduct Session Fixation Attacks - SecurityTracker
-
http://www.mozilla.org/security/announce/2014/mfsa2015-01.html
Miscellaneous memory safety hazards (rv:35.0 / rv:31.4) — MozillaVendor Advisory
-
http://secunia.com/advisories/62315
Sign in
-
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html
[security-announce] SUSE-SU-2015:0173-1: important: Security update for
-
http://secunia.com/advisories/62316
Sign in
-
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html
[security-announce] openSUSE-SU-2015:0192-1: important: Security update
-
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html
[security-announce] openSUSE-SU-2015:0077-1: important: Security update
-
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html
[security-announce] SUSE-SU-2015:0180-1: important: Security update for
-
http://secunia.com/advisories/62418
Sign in
-
http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html
openSUSE-SU-2015:0133-1: moderate: Security update for MozillaThunderbir
Products affected by CVE-2014-8634
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.3.0:*:*:*:*:*:*:*