CVE-2014-1576

2014-10-1510:55:06

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.204

Percentile

96.4%

JSON

Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization style.

Affected configurations

Nvd

Node

mozillathunderbirdMatch31.0

mozillathunderbirdMatch31.1.0

Node

mozillafirefox_esrMatch31.0

mozillafirefox_esrMatch31.1.0

Node

mozillafirefoxRange≤32.0

mozillafirefoxMatch30.0

mozillafirefoxMatch31.0

mozillafirefoxMatch31.1.0

VendorProductVersionCPE
mozillathunderbird31.0cpe:2.3:a:mozilla:thunderbird:31.0:*:*:*:*:*:*:*
mozillathunderbird31.1.0cpe:2.3:a:mozilla:thunderbird:31.1.0:*:*:*:*:*:*:*
mozillafirefox_esr31.0cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*
mozillafirefox_esr31.1.0cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:*
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox30.0cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*
mozillafirefox31.0cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
mozillafirefox31.1.0cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	thunderbird	31.0	cpe:2.3:a:mozilla:thunderbird:31.0:::::::*
mozilla	thunderbird	31.1.0	cpe:2.3:a:mozilla:thunderbird:31.1.0:::::::*
mozilla	firefox_esr	31.0	cpe:2.3:a:mozilla:firefox_esr:31.0:::::::*
mozilla	firefox_esr	31.1.0	cpe:2.3:a:mozilla:firefox_esr:31.1.0:::::::*
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	30.0	cpe:2.3:a:mozilla:firefox:30.0:::::::*
mozilla	firefox	31.0	cpe:2.3:a:mozilla:firefox:31.0:::::::*
mozilla	firefox	31.1.0	cpe:2.3:a:mozilla:firefox:31.1.0:::::::*