Lucene search

[email protected]CVE-2014-1514

HistoryMar 19, 2014 - 10:55 a.m.

CVE-2014-1514

2014-03-1910:55:06

CWE-787

[email protected]

web.nvd.nist.gov

cve-2014-1514

mozilla firefox

firefox esr

thunderbird

seamonkey

vmtypedarrayobject.cpp

remote code execution

denial of service

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.077 Low

EPSS

Percentile

94.2%

JSON

vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class.

Affected configurations

NVD

Node

mozillafirefoxRange<28.0

mozillafirefox_esrRange24.0–24.4

mozillaseamonkeyRange<2.25

mozillathunderbirdRange<24.4

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

susesuse_linux_enterprise_software_development_kitMatch11.0sp3

opensuseopensuseMatch11.4

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

susesuse_linux_enterprise_desktopMatch11sp3

susesuse_linux_enterprise_serverMatch11sp3

susesuse_linux_enterprise_serverMatch11sp3vmware

Node

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.5

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_ausMatch6.5

redhatenterprise_linux_server_eusMatch6.5

redhatenterprise_linux_server_tusMatch6.5

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.10

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxlt28.0
mozilla:firefox_esrmozilla firefox esrlt24.4
mozilla:seamonkeymozilla seamonkeylt2.25
mozilla:thunderbirdmozilla thunderbirdlt24.4

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	lt	28.0
mozilla:firefox_esr	mozilla firefox esr	lt	24.4
mozilla:seamonkey	mozilla seamonkey	lt	2.25
mozilla:thunderbird	mozilla thunderbird	lt	24.4