CVE-2014-1512

2014-03-1910:55:00

CWE-416

[email protected]

web.nvd.nist.gov

cve-2014-1512

use-after-free

typeobject

mozilla firefox

security vulnerability

remote code execution

9.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.93 High

EPSS

Percentile

99.0%

JSON

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects.

CPENameOperatorVersion
mozilla:seamonkeymozilla seamonkeylt2.25
mozilla:firefox_esrmozilla firefox esrlt24.4
mozilla:firefoxmozilla firefoxlt28.0
mozilla:thunderbirdmozilla thunderbirdlt24.4
debian:debian_linuxdebian debian linuxeq8.0
debian:debian_linuxdebian debian linuxeq7.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq13.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
redhat:enterprise_linux_serverredhat enterprise linux servereq5.0

CPE	Name	Operator	Version
mozilla:seamonkey	mozilla seamonkey	lt	2.25
mozilla:firefox_esr	mozilla firefox esr	lt	24.4
mozilla:firefox	mozilla firefox	lt	28.0
mozilla:thunderbird	mozilla thunderbird	lt	24.4
debian:debian_linux	debian debian linux	eq	8.0
debian:debian_linux	debian debian linux	eq	7.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	13.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
redhat:enterprise_linux_server	redhat enterprise linux server	eq	5.0