9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.021 Low
EPSS
Percentile
89.1%
Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running it (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531). A use-after-free flaw was found in the way Firefox and Thunderbird resolved hosts in certain circumstances. An attacker could use this flaw to crash Firefox or Thunderbird or, potentially, execute arbitrary code with the privileges of the user running it (CVE-2014-1532). An out-of-bounds read flaw was found in the way Firefox and Thunderbird decoded JPEG images. Loading a web page containing a specially crafted JPEG image could cause Firefox or Thunderbird to crash (CVE-2014-1523). A flaw was found in the way Firefox and Thunderbird handled browser navigations through history. An attacker could possibly use this flaw to cause the address bar of the browser to display a web page name while loading content from an entirely different web page, which could allow for cross-site scripting (XSS) attacks (CVE-2014-1530).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | firefox | < 24.5.0-1 | firefox-24.5.0-1.mga3 |
Mageia | 3 | noarch | firefox-l10n | < 24.5.0-1 | firefox-l10n-24.5.0-1.mga3 |
Mageia | 3 | noarch | thunderbird | < 24.5.0-1 | thunderbird-24.5.0-1.mga3 |
Mageia | 3 | noarch | thunderbird-l10n | < 24.5.0-1 | thunderbird-l10n-24.5.0-1.mga3 |
Mageia | 4 | noarch | firefox | < 24.5.0-1 | firefox-24.5.0-1.mga4 |
Mageia | 4 | noarch | firefox-l10n | < 24.5.0-1 | firefox-l10n-24.5.0-1.mga4 |
Mageia | 4 | noarch | thunderbird | < 24.5.0-1 | thunderbird-24.5.0-1.mga4 |
Mageia | 4 | noarch | thunderbird-l10n | < 24.5.0-1 | thunderbird-l10n-24.5.0-1.mga4 |
www.mozilla.org/security/announce/2014/mfsa2014-34.html
www.mozilla.org/security/announce/2014/mfsa2014-37.html
www.mozilla.org/security/announce/2014/mfsa2014-38.html
www.mozilla.org/security/announce/2014/mfsa2014-42.html
www.mozilla.org/security/announce/2014/mfsa2014-43.html
www.mozilla.org/security/announce/2014/mfsa2014-44.html
www.mozilla.org/security/announce/2014/mfsa2014-46.html
www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
www.mozilla.org/security/known-vulnerabilities/thunderbird.html
bugs.mageia.org/show_bug.cgi?id=13293
rhn.redhat.com/errata/RHSA-2014-0448.html
rhn.redhat.com/errata/RHSA-2014-0449.html
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.021 Low
EPSS
Percentile
89.1%