Lucene search

K

[email protected]NVD:CVE-2014-1512

HistoryMar 19, 2014 - 10:55 a.m.

CVE-2014-1512

2014-03-1910:55:06

CWE-416

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.7 High

AI Score

Confidence

High

0.93 High

EPSS

Percentile

99.1%

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects.

Affected configurations

NVD

Node

mozillafirefoxRange<28.0

OR

mozillafirefox_esrRange24.0–24.4

OR

mozillaseamonkeyRange<2.25

OR

mozillathunderbirdRange<24.4

Node

debiandebian_linuxMatch7.0

OR

debiandebian_linuxMatch8.0

Node

canonicalubuntu_linuxMatch12.04esm

OR

canonicalubuntu_linuxMatch12.10

OR

canonicalubuntu_linuxMatch13.10

Node

redhatenterprise_linux_desktopMatch5.0

OR

redhatenterprise_linux_desktopMatch6.0

OR

redhatenterprise_linux_eusMatch6.5

OR

redhatenterprise_linux_serverMatch5.0

OR

redhatenterprise_linux_serverMatch6.0

OR

redhatenterprise_linux_server_ausMatch6.5

OR

redhatenterprise_linux_server_eusMatch6.5

OR

redhatenterprise_linux_server_tusMatch6.5

OR

redhatenterprise_linux_workstationMatch5.0

OR

redhatenterprise_linux_workstationMatch6.0

Node

susesuse_linux_enterprise_software_development_kitMatch11.0sp3

OR

opensuseopensuseMatch11.4

OR

opensuseopensuseMatch12.3

OR

opensuseopensuseMatch13.1

OR

susesuse_linux_enterprise_desktopMatch11sp3

OR

susesuse_linux_enterprise_serverMatch11sp3-

OR

susesuse_linux_enterprise_serverMatch11sp3vmware

References

archives.neohapsis.com/archives/bugtraq/2014-03/0145.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html

lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html

rhn.redhat.com/errata/RHSA-2014-0310.html

rhn.redhat.com/errata/RHSA-2014-0316.html

www.debian.org/security/2014/dsa-2881

www.debian.org/security/2014/dsa-2911

www.mozilla.org/security/announce/2014/mfsa2014-30.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securityfocus.com/bid/66209

www.ubuntu.com/usn/USN-2151-1

bugzilla.mozilla.org/show_bug.cgi?id=982957

security.gentoo.org/glsa/201504-01

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.7 High

AI Score

Confidence

High

0.93 High

EPSS

Percentile

99.1%

Related for NVD:CVE-2014-1512

cve1 zdi1 ubuntucve1 veracode3 prion1 cvelist1 openvas43 mozilla1 nessus28 debian2 redhat2 centos2 oraclelinux2 ibm2 ubuntu2 osv2 mageia2 suse5 freebsd1 securityvulns1 gentoo1