Lucene search

MozillaCVE-2014-1551

HistoryJul 23, 2014 - 11:12 a.m.

CVE-2014-1551

2014-07-2311:12:43

mozilla

web.nvd.nist.gov

cve-2014-1551

fonttablerec

mozilla firefox

use-after-free vulnerability

windows

mathml

directwrite

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

9.5

Confidence

High

EPSS

0.105

Percentile

95.0%

JSON

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a DirectWrite font-face object.

Affected configurations

Nvd

Node

mozillafirefoxRange≤30.0

mozillafirefox_esrMatch24.0

mozillafirefox_esrMatch24.0.1

mozillafirefox_esrMatch24.0.2

mozillafirefox_esrMatch24.1.0

mozillafirefox_esrMatch24.1.1

mozillafirefox_esrMatch24.2

mozillafirefox_esrMatch24.3

mozillafirefox_esrMatch24.4

mozillafirefox_esrMatch24.5

mozillafirefox_esrMatch24.6

mozillathunderbirdRange≤24.6

mozillathunderbirdMatch24.0

mozillathunderbirdMatch24.0.1

mozillathunderbirdMatch24.1

mozillathunderbirdMatch24.1.1

mozillathunderbirdMatch24.2

mozillathunderbirdMatch24.3

mozillathunderbirdMatch24.4

mozillathunderbirdMatch24.5

AND

microsoftwindows

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox_esr24.0cpe:2.3:a:mozilla:firefox_esr:24.0:*:*:*:*:*:*:*
mozillafirefox_esr24.0.1cpe:2.3:a:mozilla:firefox_esr:24.0.1:*:*:*:*:*:*:*
mozillafirefox_esr24.0.2cpe:2.3:a:mozilla:firefox_esr:24.0.2:*:*:*:*:*:*:*
mozillafirefox_esr24.1.0cpe:2.3:a:mozilla:firefox_esr:24.1.0:*:*:*:*:*:*:*
mozillafirefox_esr24.1.1cpe:2.3:a:mozilla:firefox_esr:24.1.1:*:*:*:*:*:*:*
mozillafirefox_esr24.2cpe:2.3:a:mozilla:firefox_esr:24.2:*:*:*:*:*:*:*
mozillafirefox_esr24.3cpe:2.3:a:mozilla:firefox_esr:24.3:*:*:*:*:*:*:*
mozillafirefox_esr24.4cpe:2.3:a:mozilla:firefox_esr:24.4:*:*:*:*:*:*:*
mozillafirefox_esr24.5cpe:2.3:a:mozilla:firefox_esr:24.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox_esr	24.0	cpe:2.3:a:mozilla:firefox_esr:24.0:::::::*
mozilla	firefox_esr	24.0.1	cpe:2.3:a:mozilla:firefox_esr:24.0.1:::::::*
mozilla	firefox_esr	24.0.2	cpe:2.3:a:mozilla:firefox_esr:24.0.2:::::::*
mozilla	firefox_esr	24.1.0	cpe:2.3:a:mozilla:firefox_esr:24.1.0:::::::*
mozilla	firefox_esr	24.1.1	cpe:2.3:a:mozilla:firefox_esr:24.1.1:::::::*
mozilla	firefox_esr	24.2	cpe:2.3:a:mozilla:firefox_esr:24.2:::::::*
mozilla	firefox_esr	24.3	cpe:2.3:a:mozilla:firefox_esr:24.3:::::::*
mozilla	firefox_esr	24.4	cpe:2.3:a:mozilla:firefox_esr:24.4:::::::*
mozilla	firefox_esr	24.5	cpe:2.3:a:mozilla:firefox_esr:24.5:::::::*