CVE-2014-1580

2014-10-1510:55:06

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.004

Percentile

74.4%

JSON

Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element.

Affected configurations

Nvd

Node

mozillafirefoxRange≤32.0

mozillafirefoxMatch30.0

mozillafirefoxMatch31.0

mozillafirefoxMatch31.1.0

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox30.0cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*
mozillafirefox31.0cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
mozillafirefox31.1.0cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	30.0	cpe:2.3:a:mozilla:firefox:30.0:::::::*
mozilla	firefox	31.0	cpe:2.3:a:mozilla:firefox:31.0:::::::*
mozilla	firefox	31.1.0	cpe:2.3:a:mozilla:firefox:31.1.0:::::::*