10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerabilities have been found in Firefox that affect IBM SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557).
CVEID: CVE-2014-1547**
DESCRIPTION:** Mozilla Firefox and Thunderbird might allow a remote attacker to execute arbitrary code on the system, which is caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker might exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94768> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVEID: CVE-2014-1556**
DESCRIPTION:** Mozilla Firefox and Thunderbird might allow a remote attacker to execute arbitrary code on the system, which is caused by an error in WebGLFramebuffer.cpp. By persuading a victim to visit a specially crafted Web site, a remote attacker might exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 9.3
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/94775>_ for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVEID: CVE-2014-1557**
DESCRIPTION:** Mozilla Firefox and Thunderbird might allow a remote attacker to execute arbitrary code on the system, which is caused by an error in the Skia Library. By persuading a victim to visit a specially crafted Web site, a remote attacker might exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 9.3
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/94777>_ for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVEID: CVE-2014-1555**
DESCRIPTION:** Mozilla Firefox and Thunderbird might allow a remote attacker to execute arbitrary code on the system, which is caused by a use-after-free error in the nsDocLoader::OnProgress() function when handling FireOnStateChange events. By persuading a victim to visit a specially crafted Web site, a remote attacker might exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94774> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance
The recommended solution is download SmartCloud Provisioning 2.1 Fix Pack 5 for IBM Provided Software Virtual Appliance Interim Fix 2 from Fix Central and apply it as soon as practical.
None