Vulnerability Details : CVE-2014-8641
Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.
Vulnerability category: Memory CorruptionExecute code
Exploit prediction scoring system (EPSS) score for CVE-2014-8641
Probability of exploitation activity in the next 30 days: 9.23%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-8641
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2014-8641
-
http://secunia.com/advisories/62273
Sign in
-
http://secunia.com/advisories/62253
Sign in
-
http://linux.oracle.com/errata/ELSA-2015-0046.html
linux.oracle.com | ELSA-2015-0046
-
http://secunia.com/advisories/62293
Sign in
-
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Oracle Solaris Third Party Bulletin - April 2015
-
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html
[security-announce] SUSE-SU-2015:0171-1: important: Security update for
-
http://www.debian.org/security/2015/dsa-3127
Debian -- Security Information -- DSA-3127-1 iceweasel
-
http://secunia.com/advisories/62313
Sign in
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/99961
Mozilla Firefox and SeaMonkey WebRTC denial of service CVE-2014-8641 Vulnerability Report
-
http://www.securitytracker.com/id/1031533
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Request Forgery Attacks, and Obtain Potentially Sensitive Information - SecurityTracker
-
http://rhn.redhat.com/errata/RHSA-2015-0046.html
RHSA-2015:0046 - Security Advisory - Red Hat Customer Portal
-
http://www.securityfocus.com/bid/72044
Mozilla Firefox/SeaMonkey WebRTC Memory Corruption Vulnerability
-
https://security.gentoo.org/glsa/201504-01
Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo security
-
http://www.mozilla.org/security/announce/2014/mfsa2015-06.html
Read-after-free in WebRTC — MozillaVendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1108455
1108455 - (CVE-2014-8641) Execution of arbitrary addresses in relation to WebRTC MediaStreamgraph.
-
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html
[security-announce] SUSE-SU-2015:0173-1: important: Security update for
-
http://secunia.com/advisories/62316
Sign in
-
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html
[security-announce] openSUSE-SU-2015:0192-1: important: Security update
-
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html
[security-announce] openSUSE-SU-2015:0077-1: important: Security update
-
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html
[security-announce] SUSE-SU-2015:0180-1: important: Security update for
-
http://secunia.com/advisories/62418
Sign in
Products affected by CVE-2014-8641
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.3.0:*:*:*:*:*:*:*