CVE-2014-1578

2014-10-1510:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-1578

mozilla firefox

firefox esr

thunderbird

denial of service

out-of-bounds write

application crash

arbitrary code execution

webm frames

video playback

security vulnerability

nvd

9.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.051 Low

EPSS

Percentile

92.9%

JSON

The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback.

CPENameOperatorVersion
mozilla:firefox_esrmozilla firefox esreq31.1.0
mozilla:firefox_esrmozilla firefox esreq31.0
mozilla:firefoxmozilla firefoxle32.0
mozilla:firefoxmozilla firefoxeq31.0
mozilla:firefoxmozilla firefoxeq30.0
mozilla:firefoxmozilla firefoxeq31.1.0
mozilla:thunderbirdmozilla thunderbirdeq31.0
mozilla:thunderbirdmozilla thunderbirdeq31.1.0

CPE	Name	Operator	Version
mozilla:firefox_esr	mozilla firefox esr	eq	31.1.0
mozilla:firefox_esr	mozilla firefox esr	eq	31.0
mozilla:firefox	mozilla firefox	le	32.0
mozilla:firefox	mozilla firefox	eq	31.0
mozilla:firefox	mozilla firefox	eq	30.0
mozilla:firefox	mozilla firefox	eq	31.1.0
mozilla:thunderbird	mozilla thunderbird	eq	31.0
mozilla:thunderbird	mozilla thunderbird	eq	31.1.0