Lucene search

[email protected]CVE-2014-1577

HistoryOct 15, 2014 - 10:55 a.m.

CVE-2014-1577

2014-10-1510:55:06

[email protected]

web.nvd.nist.gov

cve-2014-1577

mozilla

firefox

thunderbird

remote attack

sensitive information

denial of service

memory corruption

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

9.1 High

AI Score

Confidence

High

0.085 Low

EPSS

Percentile

94.5%

JSON

The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value.

Affected configurations

NVD

Node

mozillafirefox_esrMatch31.0

mozillafirefox_esrMatch31.1.0

Node

mozillathunderbirdMatch31.0

mozillathunderbirdMatch31.1.0

Node

mozillafirefoxRange≤32.0

mozillafirefoxMatch30.0

mozillafirefoxMatch31.0

mozillafirefoxMatch31.1.0

CPENameOperatorVersion
mozilla:firefox_esrmozilla firefox esreq31.0
mozilla:firefox_esrmozilla firefox esreq31.1.0

CPE	Name	Operator	Version
mozilla:firefox_esr	mozilla firefox esr	eq	31.0
mozilla:firefox_esr	mozilla firefox esr	eq	31.1.0

References

lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html

lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html

lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

lists.opensuse.org/opensuse-updates/2014-11/msg00000.html

lists.opensuse.org/opensuse-updates/2014-11/msg00001.html

lists.opensuse.org/opensuse-updates/2014-11/msg00002.html

lists.opensuse.org/opensuse-updates/2014-11/msg00003.html

rhn.redhat.com/errata/RHSA-2014-1635.html

rhn.redhat.com/errata/RHSA-2014-1647.html

secunia.com/advisories/61387

secunia.com/advisories/61854

secunia.com/advisories/62021

secunia.com/advisories/62022

secunia.com/advisories/62023

www.debian.org/security/2014/dsa-3050

www.debian.org/security/2014/dsa-3061

www.mozilla.org/security/announce/2014/mfsa2014-76.html

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

www.securityfocus.com/bid/70440

www.securitytracker.com/id/1031028

www.securitytracker.com/id/1031030

www.ubuntu.com/usn/USN-2372-1

www.ubuntu.com/usn/USN-2373-1

advisories.mageia.org/MGASA-2014-0421.html

bugzilla.mozilla.org/show_bug.cgi?id=1012609

security.gentoo.org/glsa/201504-01

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

9.1 High

AI Score

Confidence

High

0.085 Low

EPSS

Percentile

94.5%

JSON

Related for CVE-2014-1577

cvelist1 mozilla1 openvas31 nvd1 prion1 ubuntucve1 centos2 nessus36 redhat2 oraclelinux2 veracode5 mageia2 osv2 ubuntu2 debian5 suse6 freebsd1 securityvulns1 ibm1 gentoo1