Lucene search

[email protected]NVD:CVE-2014-1532

HistoryApr 30, 2014 - 10:49 a.m.

CVE-2014-1532

2014-04-3010:49:05

CWE-416

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.2%

JSON

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.

Affected configurations

NVD

Node

mozillafirefoxRange<29.0

mozillafirefox_esrRange24.0–24.5

mozillaseamonkeyRange<2.26

mozillathunderbirdRange<24.5

Node

fedoraprojectfedoraMatch19

fedoraprojectfedoraMatch20

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.10

canonicalubuntu_linuxMatch14.04esm

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.5

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_ausMatch6.5

redhatenterprise_linux_server_eusMatch6.5

redhatenterprise_linux_server_tusMatch6.5

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

Node

opensuseopensuseMatch11.4

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

susesuse_linux_enterprise_serverMatch10sp4ltss

susesuse_linux_enterprise_serverMatch11sp1ltss

References

lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html

lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html

lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html

lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html

lists.opensuse.org/opensuse-updates/2014-05/msg00010.html

lists.opensuse.org/opensuse-updates/2014-05/msg00013.html

lists.opensuse.org/opensuse-updates/2014-05/msg00033.html

lists.opensuse.org/opensuse-updates/2014-05/msg00040.html

rhn.redhat.com/errata/RHSA-2014-0448.html

rhn.redhat.com/errata/RHSA-2014-0449.html

secunia.com/advisories/59866

www.debian.org/security/2014/dsa-2918

www.debian.org/security/2014/dsa-2924

www.mozilla.org/security/announce/2014/mfsa2014-46.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securityfocus.com/bid/67130

www.securitytracker.com/id/1030163

www.securitytracker.com/id/1030164

www.securitytracker.com/id/1030165

www.ubuntu.com/usn/USN-2185-1

www.ubuntu.com/usn/USN-2189-1

bugzilla.mozilla.org/show_bug.cgi?id=966006

security.gentoo.org/glsa/201504-01

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.2%

JSON

Related for NVD:CVE-2014-1532

mozilla1 cve1 openvas43 cvelist1 ubuntucve1 prion1 redhat2 nessus34 debian2 oraclelinux2 centos2 osv2 veracode5 ubuntu2 mageia2 suse6 ibm2 freebsd1 securityvulns1 gentoo1