Lucene search

[email protected]CVE-2014-1540

HistoryJun 11, 2014 - 10:57 a.m.

CVE-2014-1540

2014-06-1110:57:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

mozilla

firefox

cve-2014-1540

use-after-free vulnerability

remote code execution

heap memory corruption

nvd

9.3 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.024 Low

EPSS

Percentile

89.7%

JSON

Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle29.0.1

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	29.0.1

References

lists.opensuse.org/opensuse-updates/2014-06/msg00040.html

lists.opensuse.org/opensuse-updates/2014-07/msg00001.html

secunia.com/advisories/59052

secunia.com/advisories/59171

secunia.com/advisories/59387

secunia.com/advisories/59486

secunia.com/advisories/59866

www.mozilla.org/security/announce/2014/mfsa2014-51.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securityfocus.com/bid/67978

www.securitytracker.com/id/1030388

www.ubuntu.com/usn/USN-2243-1

bugzilla.mozilla.org/show_bug.cgi?id=978862

security.gentoo.org/glsa/201504-01

9.3 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.024 Low

EPSS

Percentile

89.7%

JSON

Related for CVE-2014-1540

prion1 ubuntucve1 openvas7 mozilla1 nessus10 ubuntu1 freebsd1 securityvulns1 mageia1 gentoo1 suse1