Vulnerability Details : CVE-2014-8635
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-8635
Probability of exploitation activity in the next 30 days: 26.30%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-8635
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
nvd@nist.gov |
References for CVE-2014-8635
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1070962
1070962 - Crash [@ js::jit::JitFrameIterator::operator++] with RegExp
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1026774
1026774 - malloc of undefined size in stun_get_mib_addrs in rare cases
-
http://secunia.com/advisories/62253
Sign in
-
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Oracle Solaris Bulletin - April 2016
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1072130
1072130 - Use-after-poison [@ mozilla::FontFamilyList::FontFamilyList] with unicode-bidi: bidi-override
-
http://www.securitytracker.com/id/1031533
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Request Forgery Attacks, and Obtain Potentially Sensitive Information - SecurityTracker
-
https://security.gentoo.org/glsa/201504-01
Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo security
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
[security-announce] openSUSE-SU-2015:1266-1: important: Mozilla (Firefox
-
http://www.securityfocus.com/bid/72050
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-8635 Multiple Memory Corruption Vulnerabilities
-
http://www.securitytracker.com/id/1031534
Mozilla Thunderbird Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Request Forgery Attacks, and Conduct Session Fixation Attacks - SecurityTracker
-
http://www.mozilla.org/security/announce/2014/mfsa2015-01.html
Miscellaneous memory safety hazards (rv:35.0 / rv:31.4) — MozillaVendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1067473
1067473 - BarrieredCell<JSObject> is calling the wrong zone() implementation
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1098583
1098583 - Empty datachannel label results in heap overflow
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1027300
1027300 - UMR in stun_get_siocgifconf_addrs
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1054538
1054538 - Crash [@ interpExitTrampoline] with js::jit::IonScript::unlinkFromRuntime and GC on the stack
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1072871
1072871 - IPC: heap-use-after-free crash [@mozilla::gfx::DrawTargetCG::CopySurface]
-
http://secunia.com/advisories/62316
Sign in
-
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html
[security-announce] openSUSE-SU-2015:0192-1: important: Security update
-
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html
[security-announce] openSUSE-SU-2015:0077-1: important: Security update
-
http://secunia.com/advisories/62418
Sign in
-
http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html
openSUSE-SU-2015:0133-1: moderate: Security update for MozillaThunderbir
Products affected by CVE-2014-8635
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*