Vulnerability Details : CVE-2014-8641
Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.
Vulnerability category: Memory Corruption, Execute code
Products affected by CVE-2014-8641
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8641
- 9.48%: Probability of exploitation activity in the next 30 days
- ~95%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8641
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2014-8641
- http://secunia.com/advisories/62273
- http://secunia.com/advisories/62253
- http://linux.oracle.com/errata/ELSA-2015-0046.html
  linux.oracle.com | ELSA-2015-0046
- http://secunia.com/advisories/62250
- http://secunia.com/advisories/62293
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
  Oracle Solaris Third Party Bulletin - April 2015
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html
  [security-announce] SUSE-SU-2015:0171-1: important: Security update for
- http://www.debian.org/security/2015/dsa-3127
  Debian -- Security Information -- DSA-3127-1 iceweasel
- http://secunia.com/advisories/62313
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99961
  Mozilla Firefox and SeaMonkey WebRTC denial of service CVE-2014-8641 Vulnerability Report
- http://www.securitytracker.com/id/1031533
  Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Request Forgery Attacks, and Obtain Potentially Sensitive Information - SecurityTracker
- http://rhn.redhat.com/errata/RHSA-2015-0046.html
  RHSA-2015:0046 - Security Advisory - Red Hat Customer Portal
- http://www.securityfocus.com/bid/72044
  Mozilla Firefox/SeaMonkey WebRTC Memory Corruption Vulnerability
- https://security.gentoo.org/glsa/201504-01
  Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo security
- http://secunia.com/advisories/62237
- http://www.mozilla.org/security/announce/2014/mfsa2015-06.html
  Read-after-free in WebRTC — Mozilla (Vendor Advisory)
- http://secunia.com/advisories/62446
- https://bugzilla.mozilla.org/show_bug.cgi?id=1108455
  1108455 - (CVE-2014-8641) Execution of arbitrary addresses in relation to WebRTC MediaStreamgraph.
- http://secunia.com/advisories/62242
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html
  [security-announce] SUSE-SU-2015:0173-1: important: Security update for
- http://secunia.com/advisories/62316
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html
  [security-announce] openSUSE-SU-2015:0192-1: important: Security update
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html
  [security-announce] openSUSE-SU-2015:0077-1: important: Security update
- http://secunia.com/advisories/62790
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html
  [security-announce] SUSE-SU-2015:0180-1: important: Security update for
- http://secunia.com/advisories/62418