Mozilla FoundationMFSA2014-62

HistoryJul 22, 2014 - 12:00 a.m.

Exploitable WebGL crash with Cesium JavaScript library — Mozilla

2014-07-2200:00:00

Mozilla Foundation

www.mozilla.org

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.041 Low

EPSS

Percentile

92.1%

JSON

Developer Patrick Cozzi reported a crash in some circumstances when using the Cesium JavaScript library to generate WebGL content. Mozilla developers determined that this crash is potentially exploitable.

CPENameOperatorVersion
firefoxlt31
firefox esrlt24.7
thunderbirdlt24.7
thunderbirdlt31

Name	Operator	Version
firefox	lt	31
firefox esr	lt	24.7
thunderbird	lt	24.7
thunderbird	lt	31

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556

bugzilla.mozilla.org/show_bug.cgi?id=1028891

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.041 Low

EPSS

Percentile

92.1%

JSON

Related for MFSA2014-62