CVE-2014-1488

2014-02-0605:44:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

mozilla

firefox

seamonkey

cve-2014-1488

web workers

arbitrary code execution

security vulnerability

9.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.008 Low

EPSS

Percentile

82.0%

JSON

The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.

CPENameOperatorVersion
mozilla:seamonkeymozilla seamonkeylt2.24
mozilla:firefoxmozilla firefoxlt27.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq13.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
oracle:solarisoracle solariseq11.3
suse:linux_enterprise_desktopsuse linux enterprise desktopeq11
suse:linux_enterprise_serversuse linux enterprise servereq11
opensuse:opensuseopensuseeq12.3
suse:linux_enterprise_software_development_kitsuse linux enterprise software development kiteq11

CPE	Name	Operator	Version
mozilla:seamonkey	mozilla seamonkey	lt	2.24
mozilla:firefox	mozilla firefox	lt	27.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	13.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
oracle:solaris	oracle solaris	eq	11.3
suse:linux_enterprise_desktop	suse linux enterprise desktop	eq	11
suse:linux_enterprise_server	suse linux enterprise server	eq	11
opensuse:opensuse	opensuse	eq	12.3
suse:linux_enterprise_software_development_kit	suse linux enterprise software development kit	eq	11