CVE-2014-1538

2014-06-1110:57:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2014-1538

use-after-free

vulnerability

mozilla firefox

remote attack

arbitrary code

denial of service

nvd

9.5 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.078 Low

EPSS

Percentile

94.1%

JSON

Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle29.0.1
mozilla:firefox_esrmozilla firefox esreq24.5
mozilla:firefox_esrmozilla firefox esreq24.2
mozilla:firefox_esrmozilla firefox esreq24.0
mozilla:firefox_esrmozilla firefox esreq24.0.2
mozilla:firefox_esrmozilla firefox esreq24.1.0
mozilla:firefox_esrmozilla firefox esreq24.4
mozilla:firefox_esrmozilla firefox esreq24.3
mozilla:firefox_esrmozilla firefox esreq24.0.1
mozilla:firefox_esrmozilla firefox esreq24.1.1

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	29.0.1
mozilla:firefox_esr	mozilla firefox esr	eq	24.5
mozilla:firefox_esr	mozilla firefox esr	eq	24.2
mozilla:firefox_esr	mozilla firefox esr	eq	24.0
mozilla:firefox_esr	mozilla firefox esr	eq	24.0.2
mozilla:firefox_esr	mozilla firefox esr	eq	24.1.0
mozilla:firefox_esr	mozilla firefox esr	eq	24.4
mozilla:firefox_esr	mozilla firefox esr	eq	24.3
mozilla:firefox_esr	mozilla firefox esr	eq	24.0.1
mozilla:firefox_esr	mozilla firefox esr	eq	24.1.1