Lucene search

[email protected]NVD:CVE-2014-1555

HistoryJul 23, 2014 - 11:12 a.m.

CVE-2014-1555

2014-07-2311:12:43

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.069

Percentile

94.0%

JSON

Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event.

Affected configurations

Nvd

Node

mozillafirefoxRange≤30.0

mozillafirefox_esrMatch24.0

mozillafirefox_esrMatch24.0.1

mozillafirefox_esrMatch24.0.2

mozillafirefox_esrMatch24.1.0

mozillafirefox_esrMatch24.1.1

mozillafirefox_esrMatch24.2

mozillafirefox_esrMatch24.3

mozillafirefox_esrMatch24.4

mozillafirefox_esrMatch24.5

mozillafirefox_esrMatch24.6

mozillathunderbirdRange≤24.6

mozillathunderbirdMatch24.0

mozillathunderbirdMatch24.0.1

mozillathunderbirdMatch24.1

mozillathunderbirdMatch24.1.1

mozillathunderbirdMatch24.2

mozillathunderbirdMatch24.3

mozillathunderbirdMatch24.4

mozillathunderbirdMatch24.5

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox_esr24.0cpe:2.3:a:mozilla:firefox_esr:24.0:*:*:*:*:*:*:*
mozillafirefox_esr24.0.1cpe:2.3:a:mozilla:firefox_esr:24.0.1:*:*:*:*:*:*:*
mozillafirefox_esr24.0.2cpe:2.3:a:mozilla:firefox_esr:24.0.2:*:*:*:*:*:*:*
mozillafirefox_esr24.1.0cpe:2.3:a:mozilla:firefox_esr:24.1.0:*:*:*:*:*:*:*
mozillafirefox_esr24.1.1cpe:2.3:a:mozilla:firefox_esr:24.1.1:*:*:*:*:*:*:*
mozillafirefox_esr24.2cpe:2.3:a:mozilla:firefox_esr:24.2:*:*:*:*:*:*:*
mozillafirefox_esr24.3cpe:2.3:a:mozilla:firefox_esr:24.3:*:*:*:*:*:*:*
mozillafirefox_esr24.4cpe:2.3:a:mozilla:firefox_esr:24.4:*:*:*:*:*:*:*
mozillafirefox_esr24.5cpe:2.3:a:mozilla:firefox_esr:24.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox_esr	24.0	cpe:2.3:a:mozilla:firefox_esr:24.0:::::::*
mozilla	firefox_esr	24.0.1	cpe:2.3:a:mozilla:firefox_esr:24.0.1:::::::*
mozilla	firefox_esr	24.0.2	cpe:2.3:a:mozilla:firefox_esr:24.0.2:::::::*
mozilla	firefox_esr	24.1.0	cpe:2.3:a:mozilla:firefox_esr:24.1.0:::::::*
mozilla	firefox_esr	24.1.1	cpe:2.3:a:mozilla:firefox_esr:24.1.1:::::::*
mozilla	firefox_esr	24.2	cpe:2.3:a:mozilla:firefox_esr:24.2:::::::*
mozilla	firefox_esr	24.3	cpe:2.3:a:mozilla:firefox_esr:24.3:::::::*
mozilla	firefox_esr	24.4	cpe:2.3:a:mozilla:firefox_esr:24.4:::::::*
mozilla	firefox_esr	24.5	cpe:2.3:a:mozilla:firefox_esr:24.5:::::::*