Lucene search

K

[email protected]NVD:CVE-2014-1567

HistorySep 03, 2014 - 10:55 a.m.

CVE-2014-1567

2014-09-0310:55:06

[email protected]

web.nvd.nist.gov

1

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.102 Low

EPSS

Percentile

95.0%

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.

Affected configurations

NVD

Node

mozillafirefoxRange≤31.1.0

OR

mozillafirefoxMatch30.0

OR

mozillafirefoxMatch31.0

Node

mozillafirefox_esrMatch24.0

OR

mozillafirefox_esrMatch24.0.1

OR

mozillafirefox_esrMatch24.0.2

OR

mozillafirefox_esrMatch24.1.0

OR

mozillafirefox_esrMatch24.1.1

OR

mozillafirefox_esrMatch24.2

OR

mozillafirefox_esrMatch24.3

OR

mozillafirefox_esrMatch24.4

OR

mozillafirefox_esrMatch24.5

OR

mozillafirefox_esrMatch24.6

OR

mozillafirefox_esrMatch24.7

OR

mozillafirefox_esrMatch31.0

Node

mozillathunderbirdMatch24.0

OR

mozillathunderbirdMatch24.0.1

OR

mozillathunderbirdMatch24.1

OR

mozillathunderbirdMatch24.1.1

OR

mozillathunderbirdMatch24.2

OR

mozillathunderbirdMatch24.3

OR

mozillathunderbirdMatch24.4

OR

mozillathunderbirdMatch24.5

OR

mozillathunderbirdMatch24.6

OR

mozillathunderbirdMatch24.7

OR

mozillathunderbirdMatch31.0

References

lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00005.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00007.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00012.html

lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

lists.opensuse.org/opensuse-updates/2014-09/msg00011.html

secunia.com/advisories/60148

secunia.com/advisories/60186

secunia.com/advisories/61114

secunia.com/advisories/61390

www.debian.org/security/2014/dsa-3018

www.debian.org/security/2014/dsa-3028

www.mozilla.org/security/announce/2014/mfsa2014-72.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securityfocus.com/bid/69520

www.securitytracker.com/id/1030793

www.securitytracker.com/id/1030794

bugzilla.mozilla.org/show_bug.cgi?id=1037641

security.gentoo.org/glsa/201504-01

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.102 Low

EPSS

Percentile

95.0%

Related for NVD:CVE-2014-1567

prion1 openvas36 ubuntucve1 mozilla1 cve1 zdi1 cvelist1 nessus28 centos2 redhat2 ibm3 debian2 suse9 osv2 oraclelinux2 mageia2 veracode1 ubuntu2 securityvulns1 gentoo1