Lucene search

K

[email protected]NVD:CVE-2014-1578

HistoryOct 15, 2014 - 10:55 a.m.

CVE-2014-1578

2014-10-1510:55:06

CWE-119

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.051 Low

EPSS

Percentile

93.0%

The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback.

Affected configurations

NVD

Node

mozillafirefox_esrMatch31.0

OR

mozillafirefox_esrMatch31.1.0

Node

mozillafirefoxRange≤32.0

OR

mozillafirefoxMatch30.0

OR

mozillafirefoxMatch31.0

OR

mozillafirefoxMatch31.1.0

Node

mozillathunderbirdMatch31.0

OR

mozillathunderbirdMatch31.1.0

References

lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html

lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html

lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

lists.opensuse.org/opensuse-updates/2014-11/msg00000.html

lists.opensuse.org/opensuse-updates/2014-11/msg00001.html

lists.opensuse.org/opensuse-updates/2014-11/msg00002.html

lists.opensuse.org/opensuse-updates/2014-11/msg00003.html

rhn.redhat.com/errata/RHSA-2014-1635.html

rhn.redhat.com/errata/RHSA-2014-1647.html

secunia.com/advisories/61387

secunia.com/advisories/61854

secunia.com/advisories/62021

secunia.com/advisories/62022

secunia.com/advisories/62023

www.debian.org/security/2014/dsa-3050

www.debian.org/security/2014/dsa-3061

www.mozilla.org/security/announce/2014/mfsa2014-77.html

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

www.securityfocus.com/bid/70428

www.securitytracker.com/id/1031028

www.securitytracker.com/id/1031030

www.ubuntu.com/usn/USN-2372-1

www.ubuntu.com/usn/USN-2373-1

advisories.mageia.org/MGASA-2014-0421.html

bugzilla.mozilla.org/show_bug.cgi?id=1063327

security.gentoo.org/glsa/201504-01

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.051 Low

EPSS

Percentile

93.0%

Related for NVD:CVE-2014-1578

freebsd1 cve1 debiancve1 prion1 openvas31 nessus36 ubuntucve1 cvelist1 mozilla1 centos2 redhat2 oraclelinux2 veracode5 mageia2 osv2 ubuntu2 debian5 suse6 securityvulns1 ibm1 gentoo1