9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.956 High
EPSS
Percentile
99.4%
The Mozilla Project reports:
MFSA 2014-15 Miscellaneous memory safety hazards
(rv:28.0 / rv:24.4)
MFSA 2014-16 Files extracted during updates are not always
read only
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-18 crypto.generateCRMFRequest does not validate
type of key
MFSA 2014-19 Spoofing attack on WebRTC permission prompt
MFSA 2014-20 onbeforeunload and Javascript navigation DOS
MFSA 2014-21 Local file access via Open Link in new tab
MFSA 2014-22 WebGL content injection from one domain to
rendering in another
MFSA 2014-23 Content Security Policy for data: documents
not preserved by session restore
MFSA 2014-24 Android Crash Reporter open to manipulation
MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable
to relative path escape
MFSA 2014-26 Information disclosure through polygon
rendering in MathML
MFSA 2014-27 Memory corruption in Cairo during PDF font
rendering
MFSA 2014-28 SVG filters information disclosure through
feDisplacementMap
MFSA 2014-29 Privilege escalation using WebIDL-implemented
APIs
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-31 Out-of-bounds read/write through neutering
ArrayBuffer objects
MFSA 2014-32 Out-of-bounds write through TypedArrayObject
after neutering
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | firefox | < 28.0,1 | UNKNOWN |
FreeBSD | any | noarch | firefox-esr | < 24.4.0,1 | UNKNOWN |
FreeBSD | any | noarch | linux-firefox | < 28.0,1 | UNKNOWN |
FreeBSD | any | noarch | linux-seamonkey | < 2.25 | UNKNOWN |
FreeBSD | any | noarch | linux-thunderbird | < 24.4.0 | UNKNOWN |
FreeBSD | any | noarch | seamonkey | < 2.25 | UNKNOWN |
FreeBSD | any | noarch | thunderbird | < 24.4.0 | UNKNOWN |
www.mozilla.org/security/known-vulnerabilities/
www.mozilla.org/security/announce/2014/mfsa2014-15.html
www.mozilla.org/security/announce/2014/mfsa2014-16.html
www.mozilla.org/security/announce/2014/mfsa2014-17.html
www.mozilla.org/security/announce/2014/mfsa2014-18.html
www.mozilla.org/security/announce/2014/mfsa2014-19.html
www.mozilla.org/security/announce/2014/mfsa2014-20.html
www.mozilla.org/security/announce/2014/mfsa2014-21.html
www.mozilla.org/security/announce/2014/mfsa2014-22.html
www.mozilla.org/security/announce/2014/mfsa2014-23.html
www.mozilla.org/security/announce/2014/mfsa2014-24.html
www.mozilla.org/security/announce/2014/mfsa2014-25.html
www.mozilla.org/security/announce/2014/mfsa2014-26.html
www.mozilla.org/security/announce/2014/mfsa2014-27.html
www.mozilla.org/security/announce/2014/mfsa2014-28.html
www.mozilla.org/security/announce/2014/mfsa2014-29.html
www.mozilla.org/security/announce/2014/mfsa2014-30.html
www.mozilla.org/security/announce/2014/mfsa2014-31.html
www.mozilla.org/security/announce/2014/mfsa2014-32.html
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.956 High
EPSS
Percentile
99.4%