CVE-2014-1522

2014-04-3010:49:00

CWE-125

[email protected]

web.nvd.nist.gov

cve-2014-1522

mozilla firefox

oscillatornodeengine

remote code execution

web audio

nvd

9.4 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.8%

JSON

The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted content.

CPENameOperatorVersion
fedoraproject:fedorafedoraproject fedoraeq19
canonical:ubuntu_linuxcanonical ubuntu linuxeq13.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
opensuse:opensuseopensuseeq12.3
opensuse:opensuseopensuseeq13.1
mozilla:firefoxmozilla firefoxlt29.0
mozilla:seamonkeymozilla seamonkeylt2.26

CPE	Name	Operator	Version
fedoraproject:fedora	fedoraproject fedora	eq	19
canonical:ubuntu_linux	canonical ubuntu linux	eq	13.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
opensuse:opensuse	opensuse	eq	12.3
opensuse:opensuse	opensuse	eq	13.1
mozilla:firefox	mozilla firefox	lt	29.0
mozilla:seamonkey	mozilla seamonkey	lt	2.26